Comparing strings in C is typically handled with `strncmp`. This is fine in most cases but if you need to compare sensitive information, such as a message digest, it's a really bad choice. `strncmp` is susceptible to timing attacks because it will stop comparing once the first difference is encountered. The overall design of constant … Continue reading Constant Time String Comparison in C