constant-time-js
[Question] - Why use bitwise comparison for the `hmac_equals`?
Hi @soatok,
Foremost, amazing blog and library. You provide some great resources for understanding cryptography better!
I'm curious, from your blog post about "Double HMAC Validation", the PHP code snippet uses `===` (triple string comparison).
However, in this POC library, you're using bitwise comparison to compare both HMACs.
Is there any specific reason for this?
(p.s. Keep up the good work :) )
Either solution is effective on its own, but if I was lazy and used `===`, someone might have reported it as a bug.
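
The two approaches discussed in this thread, side by side, as an added example that is not code from constant-time-js or from the blog post. All function names, the key and the message are assumptions constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Bitwise comparison: XOR each byte pair and OR the differences together,
// so the loop always runs to the end no matter where the inputs differ.
function bitwiseEquals(a, b) {
  if (a.length !== b.length) return false; // MAC length is public
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
  return diff === 0;
}

// Double HMAC: re-MAC both values under a fresh random key, then compare
// with ===. The early exit of === now depends on blinded bytes that the
// caller supplying the tag cannot predict or steer.
function doubleHmacEquals(a, b) {
  const blindKey = nodeCrypto.randomBytes(32);
  const blind = (buf) =>
    nodeCrypto.createHmac('sha256', blindKey).update(buf).digest('hex');
  return blind(a) === blind(b);
}

// Both layered (hypothetical helper): blind first, then compare bitwise.
function doubleHmacBitwiseEquals(a, b) {
  const blindKey = nodeCrypto.randomBytes(32);
  const blind = (buf) =>
    nodeCrypto.createHmac('sha256', blindKey).update(buf).digest();
  return bitwiseEquals(blind(a), blind(b));
}

// Constructed sample input: a MAC key and a message.
const macKey = Buffer.from('constructed-example-key');
const message = Buffer.from('amount=100&to=alice');
const computeTag = () =>
  nodeCrypto.createHmac('sha256', macKey).update(message).digest();

// Recompute the expected tag and check it with the chosen comparison.
function verify(tag, equals) {
  return equals(computeTag(), tag);
}

const goodTag = computeTag();
const badTag = Buffer.from(goodTag); // copy, then flip one bit in the last byte
badTag[badTag.length - 1] ^= 0x01;

for (const eq of [bitwiseEquals, doubleHmacEquals, doubleHmacBitwiseEquals]) {
  console.log(eq.name, verify(goodTag, eq), verify(badTag, eq));
}
```

In Node.js, the built-in `crypto.timingSafeEqual` covers the bitwise approach for equal-length buffers and throws if the lengths differ.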