This page lists coding rules with for each a description of the problem addressed (with a concrete example of failure), and then one or more solutions (with example code snippets). Compare secret strings in constant time Problem String comparisons performed byte-per-byte may be exploited in timing attacks, for example in order to forge MACs (see this vulnerability in Google's Keyczar crypto librar