diff --git a/constant_time_algo.cc b/constant_time_algo.cc
new file mode 100644
index 0000000..186a3e2
--- /dev/null
+++ b/constant_time_algo.cc
@@ -0,0 +1,19 @@
+#include "constant_time_algo.hh"
+
+namespace pEp
+{
+ bool constant_time_equal(const std::string& a, const std::string& b)
+ {
+ if(a.size() != b.size())
+ return false;
+
+ unsigned d = 0;
+ for(std::size_t idx = 0; idx(a[idx]) ^ static_cast(b[idx]) );
+ }
+
+ return d != 0;
+ }
+
+} // end of namespace pEp
diff --git a/constant_time_algo.hh b/constant_time_algo.hh
new file mode 100644
index 0000000..d9b7ae2
--- /dev/null
+++ b/constant_time_algo.hh
@@ -0,0 +1,14 @@
+#pragma once
+
+#include
+
+namespace pEp
+{
+ // Returns false if a.size() != b.size().
+ // Compares always _all_ characters of 'a' and 'b' so runtime does not
+ // depends on the character position where the strings differ.
+ // Use this function instead of operator== if timing sidechannel attack
+ // might be a security problem.
+ bool constant_time_equal(const std::string& a, const std::string& b);
+
+} // end of namespace pEp
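Review bot: The final `return d != 0;` in `constant_time_equal` looks inverted: from the visible `^` of the two characters, `d` appears to collect the differences between `a` and `b`, so it is zero exactly when the strings match, and the function as written would return true for differing equal-length strings and false for identical ones. It should be `return d == 0;`. A caller that uses this to verify a MAC, token or digest would accept wrong values and reject correct ones, so a unit test covering equal, differing and different-length inputs should land with the fix. The `for` header is garbled in this rendering, so the loop bound and the accumulation into `d` could not be checked here.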
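Review bot: The comment above the `constant_time_equal` declaration does not state that the size check returns early, so the running time still reveals whether the two lengths match; that limit belongs in the documented contract next to the side-channel advice. Suggested extra line: `// Returns early on a size mismatch, so lengths are not hidden; compare fixed-length values (e.g. digests).` In the same comment, "does not depends" should read "does not depend". The `#include` line shows no header name in this rendering; presumably `<string>` was lost in extraction, and it is worth confirming since the declaration uses `std::string`.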