D2 · Threats

What is a timing attack?

A timing attack measures response times to infer secret information. String comparison functions whose running time depends on the length of the matching prefix reveal password lengths and values.
Constant-time comparison functions prevent timing attacks. Relevant for: password comparison, cryptographic operations, and database queries (different response times for existing vs. nonexistent users allow username enumeration). Use timing-safe equals functions.