Hi!

I've asked this question before in an earlier thread about the canonical
way to use scrypt, but I don't think it was ever answered; apologies if I
missed the answer.

When comparing the result of the scrypt KDF to a previously computed &
stored value (say, in the context of a stored password), is it necessary to
compare the two strings in constant time?

cheers
lvh

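The comparison the question describes, written with Python's `hashlib.scrypt` and `hmac.compare_digest`. This is an added example, not part of the original message; the record layout, cost parameters and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed cost parameters and output length, chosen for this example only.
N, R, P, DKLEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes, n: int, r: int, p: int, dklen: int) -> bytes:
    """Run the scrypt KDF over the UTF-8 encoded password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=dklen)


def hash_password(password: str) -> str:
    """Return a record 'scrypt$n$r$p$salt_hex$hash_hex' (hypothetical layout)."""
    salt = os.urandom(16)  # fresh random salt per stored password
    dk = _derive(password, salt, N, R, P, DKLEN)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute scrypt with the stored salt and parameters, then compare."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = record.split("$")
        if scheme != "scrypt":
            return False
        salt = bytes.fromhex(salt_hex)
        stored = bytes.fromhex(hash_hex)
        candidate = _derive(password, salt, int(n), int(r), int(p), len(stored))
    except (ValueError, OverflowError):
        # Malformed record, or parameters that scrypt rejects.
        return False
    # compare_digest does not short-circuit on the first differing byte,
    # so its running time does not depend on where the two values differ.
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")  # constructed sample input
    print(rec)
    print(verify_password("correct horse battery staple", rec))
    print(verify_password("wrong guess", rec))
```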