Constant-time processing only for failures okay?
Premise: When looking up a secret value in a DB (API key, token, maybe username) it’s near-impossible to guarantee that the lookup doesn’t leak something about the similarity of the candidate value to an existing value. So it makes sense t… Continue reading Constant-time processing only for failures okay?