cybersecurity · intermediate · ~15 min · safe pentest lab
Avoid early-exit branches when comparing secret material.
Implement int ct_token_match(const char *a, const char *b) that compares two NUL-terminated tokens in constant time (with respect to their content). Return 1 if equal, 0 otherwise.
Constant time matters when you compare against secrets (HMACs, password hashes, API tokens) — a timing-leaky compare lets an attacker brute-force the secret one byte at a time.
#include <stddef.h>
int ct_token_match(const char *a, const char *b) {
    /* TODO */
    return 0;
}
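The leak described above, shown beside a branch-free compare. This is an added example, not part of the exercise or its reference solution. It assumes fixed-length buffers rather than NUL-terminated tokens; leaky_equal, ct_equal, SAMPLE_TAG and the steps counter (a stand-in for measured time) are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample tag, not a real secret. */
static const uint8_t SAMPLE_TAG[8] = {0xde, 0xad, 0xbe, 0xef, 0x01, 0x02, 0x03, 0x04};

/* Leaky compare: returns at the first mismatch. *steps counts the bytes
 * examined and stands in for the running time an attacker would measure. */
int leaky_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        (*steps)++;
        if (a[i] != b[i])
            return 0;           /* early exit: time tracks the matching prefix */
    }
    return 1;
}

/* Constant-time compare for equal-length buffers: every byte pair is XORed
 * and accumulated, and nothing branches on the data. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    volatile uint8_t diff = 0;  /* volatile discourages short-circuit optimisation */
    *steps = 0;
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
        (*steps)++;
    }
    unsigned d = diff;
    return (int)(1u & ((d - 1u) >> 8));  /* 1 iff d == 0, without a branch */
}

int main(void) {
    uint8_t guess[8] = {0};     /* no SAMPLE_TAG byte is 0, so the prefix is exact */
    size_t leaky_steps, ct_steps;
    for (size_t correct = 0; correct <= 8; correct++) {
        if (correct > 0)
            guess[correct - 1] = SAMPLE_TAG[correct - 1];
        int r1 = leaky_equal(SAMPLE_TAG, guess, 8, &leaky_steps);
        int r2 = ct_equal(SAMPLE_TAG, guess, 8, &ct_steps);
        printf("correct prefix %zu: leaky=%d steps=%zu  ct=%d steps=%zu\n",
               correct, r1, leaky_steps, r2, ct_steps);
    }
    return 0;
}
```

The leaky step count grows with each correct leading byte, while the constant-time count stays at 8 for every guess.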