I'm the maintainer of Credential. We're currently trying to harden our constant time equality check in Credential, and we're looking for a good statistics test to ensure that our timing is constant enough to thwart timing attacks.
Your experience and feedback would be very useful. Please take a look at this proposed constant time string comparison. I'm especially interested in producing a test suite that can guarantee statistically significant constant time equality comparisons, and I believe such tests would be useful to node.bcrypt, as well.
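The following is an added example, not part of the original post and not Credential's code: one way to frame the statistical test is to time the comparison on two input classes (for instance, a candidate that differs from the secret at the first byte and one that differs at the last) and apply Welch's t-test to the two samples. All function names and the 4.5 threshold are assumptions made for illustration.

```javascript
// Added illustration. Function names are hypothetical, not Credential's API.

// Compare two strings, touching every byte position no matter where they differ.
// Run time still depends on input length, so compare fixed-length values (hashes).
function constantTimeEquals(a, b) {
  const x = Buffer.from(String(a), 'utf8');
  const y = Buffer.from(String(b), 'utf8');
  let diff = x.length ^ y.length;
  const n = Math.max(x.length, y.length);
  for (let i = 0; i < n; i++) {
    diff |= (x[i] | 0) ^ (y[i] | 0); // out-of-range index reads as 0
  }
  return diff === 0;
}

// Welch's t statistic for two timing samples with unequal variances.
function welchT(s1, s2) {
  const mean = (s) => s.reduce((p, c) => p + c, 0) / s.length;
  const variance = (s, m) => s.reduce((p, c) => p + (c - m) ** 2, 0) / (s.length - 1);
  const m1 = mean(s1);
  const m2 = mean(s2);
  const se = Math.sqrt(variance(s1, m1) / s1.length + variance(s2, m2) / s2.length);
  if (se === 0) return m1 === m2 ? 0 : Math.sign(m1 - m2) * Infinity;
  return (m1 - m2) / se;
}

// Time compare(secret, input) for two input classes, choosing the class at
// random each round so clock drift and JIT warm-up affect both equally.
function measure(compare, secret, classA, classB, rounds) {
  const a = [];
  const b = [];
  for (let i = 0; i < rounds; i++) {
    const pickA = Math.random() < 0.5;
    const start = process.hrtime.bigint();
    compare(secret, pickA ? classA : classB);
    const elapsed = Number(process.hrtime.bigint() - start);
    (pickA ? a : b).push(elapsed);
  }
  return { a, b };
}

// Flag a leak when |t| exceeds the threshold (4.5 is an assumed cut-off).
function leaksTiming(compare, secret, classA, classB, rounds = 20000, threshold = 4.5) {
  const { a, b } = measure(compare, secret, classA, classB, rounds);
  return Math.abs(welchT(a, b)) > threshold;
}
```

A result below the threshold is evidence of no detectable difference at that sample size on that machine, not a guarantee; garbage collection and JIT noise can both hide and fake a difference, so repeat runs matter.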