Equality Checking with Constant Runtime

Hi everyone,

When doing comparisons of sensitive data such as HMACS or other message digests, there are usually special functions in the language that can guarantee a constant run time. Otherwise, an attacker can gain information about the sensitive data by measuring the run time of the program.
As an example, in Java there is java.security.MessageDigest.isEqual which should be used for that purpose.

How can I achieve such a comparison with constant run time in Kotlin? Can I somehow include the Java method in my code?

For more information regarding timing attacks, see, e.g. https://codahale.com/a-lesson-in-timing-attacks/

Yes, as long as you are on the JVM platform the entire Java standard library is available. You can even create some extension methods to make the actual code more elegant.