Now checking the hashes in constant time

cryptography/src/master_pass.rs

@@ -2,6 +2,7 @@ use entity::master_pass;
 use rand::{rngs::OsRng, RngCore};
 use scrypt::{scrypt, Params};
 use sea_orm::ActiveValue::Set;
+use subtle::ConstantTimeEq;
 
 /// Hashes the password with Scrypt with the given salt
 #[inline]
@@ -21,7 +22,7 @@ impl VerifyMasterPassExt for master_pass::Model {
     #[inline]
     fn verify(&self, password: &str) -> bool {
         let hashed = hash_password(password.as_bytes(), &self.salt);
-        hashed == self.password_hash.as_slice()
+        hashed.ct_eq(&self.password_hash).into()
     }
 }