Timing Attacks against String Comparison
All code examples are available here.
Timing Attacks are a particular type of attacks that use flaws in code that impact the execution time.
TLDR
Don’t use string comparison ==
when checking for secrets or token equality. Use safe implementations.
Vulnerable code
Vulnerability explanation
SCHEMA