Tests two byte arrays for value equality in a way that defends against timing attacks.
Tests two byte arrays for value equality in a way that defends against timing attacks. Simple equality testing will stop at the end of a matching prefix thereby leaking information about the length of the matching prefix which can be exploited for per-byte progressive brute-forcing.
This function leaks information about the length of each byte array as well as whether the two byte arrays have the same length.
http://rdist.root.org/2009/05/28/timing-attack-in-google-keyczar-library/