github.com/agnivade/easy-scrypt is vulnerable to timing attacks. The vulnerability exists because the VerifyPassphrase function of scrypt.go does not compare hashes in constant time, allowing an attacker to use the timing of requests to progressively identify a valid hash.
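
The following is an added example, not code from easy-scrypt or from this advisory, showing what an early-exit hash comparison reveals and how Go's crypto/subtle.ConstantTimeCompare removes that signal. The names deriveKey (HMAC-SHA256 standing in for scrypt so that only the standard library is needed), leakyEqual, constantTimeEqual and verifyPassphraseFixed, and the sample salt and passphrase, are assumptions constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// deriveKey is a stand-in for the scrypt derivation (assumption: HMAC-SHA256
// is used only to keep this example standard-library only).
func deriveKey(passphrase, salt []byte) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write(passphrase)
	return m.Sum(nil)
}

// leakyEqual models an early-exit comparison. The second return value is the
// number of bytes examined, which is the quantity response timing tracks.
func leakyEqual(a, b []byte) (bool, int) {
	if len(a) != len(b) {
		return false, 0
	}
	for i := range a {
		if a[i] != b[i] {
			return false, i + 1
		}
	}
	return true, len(a)
}

// constantTimeEqual examines every byte no matter where the inputs differ.
func constantTimeEqual(a, b []byte) bool {
	return subtle.ConstantTimeCompare(a, b) == 1
}

// verifyPassphraseFixed is a hypothetical hardened verifier.
func verifyPassphraseFixed(passphrase, salt, stored []byte) bool {
	return constantTimeEqual(deriveKey(passphrase, salt), stored)
}

func main() {
	salt := []byte("constructed-salt") // constructed sample values
	stored := deriveKey([]byte("correct horse"), salt)
	wrong := append([]byte{}, stored...)
	wrong[len(wrong)-1] ^= 0xff // differs only in the final byte
	_, n := leakyEqual(stored, wrong)
	fmt.Println(n, verifyPassphraseFixed([]byte("correct horse"), salt, stored))
}
```
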