Improve security of SFTP server against timing attacks
Use a constant time string comparison for password auth and only keep a hash of the password in memory.
Use a constant time string comparison for password auth and only keep a hash of the password in memory.