• #dev 2017-06-30
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#dev ≡
  • ←
  • →
2017-06-30 UTC
# 13:21
Zegnat ben_thatmustbeme, no, === is not safe. That’s why I said not timing-attack safe. hash_equals is really the only correct way. We could either do bitwise comparison ourselves, or use hash_equals when available and become non-safe as fallback :(