potential timing attack against verifyPassword

[maralorn]

When discussing cdepillabout/password#15
@Vlix noticed, that scrypt probably has the same security issue.

Maybe you wanna have a look into it. I‘ll elaborate more if you have any questions.

[informatikr]

Thanks for writing. I replied over at cdepillabout/password#15