Constant time execution
While more of a problem for the underlying cryptographic primitives, we can't really ignore timing attacks.
Currently the code is incomplete and thus it is not the time to think about this, but eventually we will have to test and verify all execution paths to make sure we do not incur into timing attacks that leak information.
This ticket is here to reference the code that does or just might suffer from timing attacks
Examples of this are:
- username resolution
- password/token checks
- string comparison of anything that should be secret
Possible solutions: use libsodium sodium_memcmp, implement a new one, check generated assembly with GCC and clang