httpsig-rs: HMAC verification is vulnerable to timing attack
HMAC signature comparison is not timing-safe and is vulnerable to timing attacks.
Advisories for Cargo/Httpsig package
2025
HMAC signature comparison is not timing-safe and is vulnerable to timing attacks.