I came across the python cryptography package and noticed that it contained the following information about signaling security vulnerabilities:
"Examples of things we would not consider to be security issues:
Using a variable time comparison somewhere, it is impossible to articulate a particular program in which this would result in problematic information disclosure. "
I thought that the lack of variable time comparison was one of the things that the implementation of cryptography allowed to secure. Should this be an objective of all secure cryptography libraries? If not, under what conditions does it make any difference in security, whether a constant time comparison is used or not?