> If we use timingsafe_bcmp widely (safe as
> that may be), it's very hard to convey the idea that there are
> circumstances when it is not safe. Using timingsafe_memcmp raises its
> awareness and will make it other developers' default choice.
Exactly. It is easier to develop a pattern/meme when the choice is simple to remember. If the decision tree is too complex, people simply walk away. The performance cost is totally irrelevant.
