
Potential Side Channel Attacker on Password

Open nevercodecorrect opened this issue 10 months ago • 0 comments

Describe the bug

The vulnerable code is here. An attacker could leverage the differences between the execution time to recover the secrets. String comparison == is not a constant implementation, the execution time may vary based on how many characters are matched. A constant-time implementation would be recommended.

Please describe your setup

  • [ ] How did you install memgpt?
    • pip install pymemgpt

Screenshots

N/A

Additional context

An extra explanation on this issue could be this

nevercodecorrect, Apr 07 '24 21:04
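The comparison pattern reported above next to a constant-time replacement, as an added example that is not code from the issue or from the memgpt project. All function names, the per-process key and the sample strings are assumptions constructed for illustration; the linked vulnerable code is not reproduced on this page.

```python
import hashlib
import hmac
import secrets

# Random per-process key for the HMAC step (an assumption of this sketch).
_COMPARE_KEY = secrets.token_bytes(32)


def compared_prefix_len(supplied: str, expected: str) -> int:
    """Model of an early-exit comparison: how many leading characters are
    examined before the first mismatch ends the loop. This count is what
    the execution time of such a comparison correlates with."""
    n = 0
    for a, b in zip(supplied, expected):
        if a != b:
            break
        n += 1
    return n


def verify_password_naive(supplied: str, expected: str) -> bool:
    # The reported pattern: `==` may return as soon as a character differs.
    return supplied == expected


def verify_password_constant_time(supplied: str, expected: str) -> bool:
    # hmac.compare_digest rejects non-ASCII str, so compare bytes instead.
    # MAC-ing both sides yields two 32-byte values, so neither the length
    # nor the matched prefix of `expected` affects the comparison time.
    mac_a = hmac.new(_COMPARE_KEY, supplied.encode("utf-8"), hashlib.sha256).digest()
    mac_b = hmac.new(_COMPARE_KEY, expected.encode("utf-8"), hashlib.sha256).digest()
    return hmac.compare_digest(mac_a, mac_b)


if __name__ == "__main__":
    expected = "correct-horse-bättery"  # constructed sample secret
    for guess in ("xorrect-horse-bättery", "correct-horse-bXttery", expected):
        print(
            f"{guess!r}: early-exit examines {compared_prefix_len(guess, expected)} "
            f"matching chars, naive={verify_password_naive(guess, expected)}, "
            f"constant_time={verify_password_constant_time(guess, expected)}"
        )
```
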