Compares two hashes for equality in constant time
Device (from impOS™ 36) + Agent
|hashOne||String or blob||
First comparison hash
|hashTwo||String or blob||
Second comparison hash
Bool — true if the hashes are equal, false otherwise
This method compares the two parameter values for equality and, crucially, does so in constant time. This approach prevents protected information being inferred from the operation by measuring how long it takes. For example, a user is able to check a received HMAC without allowing the correct value to be deduced from the duration of the comparison.
For more information on this technique and the types of attack it overcomes, please see this article on CWE.