diff --git a/CHANGES b/CHANGES
index 12bba34..2c06dd0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,7 @@ add io_fd_canwrite (like io_fd but assume the fd is writable) save a few syscalls here and there add awesome hack in isset.h (comex, Linus Torvalds) + add byte_equal_notimingattack 0.28: add uint64 pack and unpack routines
diff --git a/byte.h b/byte.h
index 3cf802a..c9cf0c0 100644
--- a/byte.h
+++ b/byte.h
@@ -41,6 +41,8 @@ void byte_zero(void* out, size_t len); #define byte_equal(s,n,t) (!byte_diff((s),(n),(t))) +int byte_equal_notimingattack(const void* a, size_t len,const void* b) __pure__; + #ifdef __cplusplus } #endif
diff --git a/byte/byte_equal_notimingattack.c b/byte/byte_equal_notimingattack.c
new file mode 100644
index 0000000..5939d3f
--- /dev/null
+++ b/byte/byte_equal_notimingattack.c
@@ -0,0 +1,19 @@
+#include
+
+/* If you need to compare a password or a hash value, the timing of the
+ * comparison function can give valuable clues to the attacker. Let's
+ * say the password is 123456 and the attacker tries abcdef. If the
+ * comparision function fails at the first byte without looking at the
+ * other bytes, then the attacker can measure the difference in runtime
+ * and deduce which byte was wrong, reducing the attack space from
+ * exponential to polynomial. */
+int byte_equal_notimingattack(const void* a, size_t len,const void* b) {
+ size_t i;
+ const unsigned char* x=(const unsigned char*)a;
+ const unsigned char* y=(const unsigned char*)b;
+ unsigned char res=0;
+ for (i=0; i
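Review bot: The declaration of `byte_equal_notimingattack` added to byte.h carries no comment, so a caller reading the header cannot tell when to use it in place of the `byte_equal` macro directly above it, or what the return value means. The rationale sits only in byte/byte_equal_notimingattack.c, whose body is cut off in this view, so the return convention is inferred from the name. I would add above the prototype something like `/* like byte_equal (non-zero if the len bytes match), but the run time does not depend on where a and b first differ; use for passwords, MACs and hash values */`. It is also worth stating that the run time still scales with `len`, so the function hides the position of a mismatch, not the length being compared.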