Improved constant time equals and add mention in readme

Author: patrickfav

README.md

@@ -376,6 +376,8 @@ Bytes.wrap(array).entropy();
 Of course all standard Java Object methods are implemented including:
 `hashCode()`, `equals()`, `toString()` as well as it being
 [`Comparable`](https://docs.oracle.com/javase/7/docs/api/java/lang/Comparable.html).
+In addition there is a constant time `equalsConstantTime()` method, see [here](https://codahale.com/a-lesson-in-timing-attacks/) why this
+might be useful.
 
 The `toString()` methods only shows the length and a preview of maximal 8 bytes:
 

src/main/java/at/favre/lib/bytes/Bytes.java

@@ -1627,6 +1627,8 @@ public boolean equals(byte[] anotherArray) {
      * will not break on the first mismatch. This method is useful to prevent some side-channel attacks,
      * but is slower on average.
      *
+     * This implementation uses the algorithm suggested in https://codahale.com/a-lesson-in-timing-attacks/
+     *
      * @param anotherArray to compare with
      * @return true if {@link Arrays#equals(byte[], byte[])} returns true on given and internal array
      */

src/main/java/at/favre/lib/bytes/Util.java

@@ -433,13 +433,17 @@ static boolean equals(byte[] obj, Byte[] anotherArray) {
         return true;
     }
 
+    /**
+     * See https://codahale.com/a-lesson-in-timing-attacks/
+     */
     static boolean constantTimeEquals(byte[] obj, byte[] anotherArray) {
         if (anotherArray == null || obj.length != anotherArray.length) return false;
-        boolean result = true;
+
+        int result = 0;
         for (int i = 0; i < obj.length; i++) {
-            result &= obj[i] == anotherArray[i];
+            result |= obj[i] ^ anotherArray[i];
         }
-        return result;
+        return result == 0;
     }
 
     /*