[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Is a constant time string compare necessary?


I've asked this question before in an earlier thread about the canonical way to use scrypt, but I don't think it was ever answered; apologies if I missed the answer.

When comparing the result of the scrypt KDF to a previously computed & stored value (say, in the context of a stored password), is it necessary to compare the two strings in constant time?