Glossary

Constant-time comparison

A constant-time comparison checks two values without returning early on the first mismatch, so an attacker cannot learn a secret from how long the check took.


Definition

A naive string compare stops at the first differing byte, so its running time leaks how many leading bytes matched. A constant-time comparison always examines the full length, removing that timing side channel — essential when comparing an HMAC signature.

In plain terms

Comparing secrets in a way that does not leak them through timing.

Why it matters here

Use your language's constant-time helper (for example hmac.compare_digest) when verifying webhooks. See verifying a signature.
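An added example, not part of the original page: the early-exit compare and the full-length compare from the definition side by side, each reporting how many bytes it examined, followed by a webhook check built on hmac.compare_digest. The function names, the sample secret and body, and the hex-encoded HMAC-SHA256 signature scheme are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample values for illustration only.
SECRET = b"constructed-demo-secret"
BODY = b'{"event":"demo.created","id":"evt_constructed"}'

def naive_equal(a: bytes, b: bytes):
    """Early-exit compare. Returns (equal, bytes_examined)."""
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1  # work done reveals the matching prefix length
    return True, len(a)

def full_length_equal(a: bytes, b: bytes):
    """Same result, but every byte is examined regardless of mismatches.
    Shows the logic only; real code should call hmac.compare_digest."""
    if len(a) != len(b):
        return False, 0
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y  # accumulate differences, never branch on them
    return diff == 0, len(a)

def sign(secret: bytes, body: bytes) -> str:
    """Hex HMAC-SHA256 of the body (assumed signature scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_webhook(secret: bytes, body: bytes, signature_hex) -> bool:
    """Recompute the HMAC and compare it in constant time."""
    try:
        received = bytes.fromhex(signature_hex)
    except (TypeError, ValueError):
        return False  # missing or malformed signature header
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, received)

if __name__ == "__main__":
    good = sign(SECRET, BODY)
    print(verify_webhook(SECRET, BODY, good))
    print(verify_webhook(SECRET, BODY + b" ", good))
    print(naive_equal(b"abcd", b"abcx"), full_length_equal(b"abcd", b"abcx"))
```

The signature is decoded to bytes before comparison so that hex case differences in the header do not cause a valid signature to be rejected.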
