In https://echo.labstack.com/cookbook/jwt , == results in a timing attack (even if you are comparing hashes like this: hash(webPassword) == savedHashedPassword).
The example code should probably have at least a comment // example only; string comparisons are vulnerable to timing attacks and perhaps another comment that even just hashed passwords should use the timing-attack-resistant comparison functions within the hash library, rather than a regular == string comparison.
In https://echo.labstack.com/cookbook/jwt ,
==results in a timing attack (even if you are comparing hashes like this:hash(webPassword) == savedHashedPassword).The example code should probably have at least a comment
// example only; string comparisons are vulnerable to timing attacksand perhaps another comment that even just hashed passwords should use the timing-attack-resistant comparison functions within the hash library, rather than a regular==string comparison.