diff --git a/Crypto/PasswordStore.hs b/Crypto/PasswordStore.hs
--- a/Crypto/PasswordStore.hs
+++ b/Crypto/PasswordStore.hs
@@ -1,4 +1,4 @@
-{-# LANGUAGE OverloadedStrings, BangPatterns #-}
+{-# LANGUAGE OverloadedStrings, BangPatterns, FlexibleInstances #-}
 {-# LANGUAGE CPP #-}
 -- |
 -- Module      : Crypto.PasswordStore
@@ -111,7 +111,7 @@
 import qualified Data.Binary as Binary
 import Control.Monad
 import Control.Monad.ST
-import Data.Byteable (toBytes)
+import Data.Byteable (Byteable, toBytes, constEqBytes)
 import Data.STRef
 import Data.Bits
 import Data.ByteString.Char8 (ByteString)
@@ -123,6 +123,7 @@
 import Data.Char
 import Data.List
 import Data.Function
+import qualified Data.Foldable as FL
 
 ---------------------
 -- Cryptographic base
@@ -299,11 +300,8 @@
 makePasswordSalt :: ByteString -> Salt -> Int -> ByteString
 makePasswordSalt = makePasswordSaltWith pbkdf1 (2^)
 
--- | Constant-time comparison function to use instead of == when comparing with a secret
-constantTimeCompare a b = 
-  ((==) `on` length) a b && 0 == (foldl1 (.|.) joined)
-  where
-    joined = zipWith (xor `on` ord) a b
+instance Byteable [Char] where
+  toBytes = B.pack
 
 -- | 'verifyPasswordWith' @algorithm userInput pwHash@ verifies
 -- the password @userInput@ given by the user against the stored password
@@ -331,7 +329,7 @@
     case readPwHash pwHash of
       Nothing -> False
       Just (strength, salt, goodHash) ->
-          encode (algorithm userInput salt (strengthModifier strength)) `constantTimeCompare` goodHash
+          encode (algorithm userInput salt (strengthModifier strength)) `constEqBytes` goodHash
 
 -- | Like 'verifyPasswordWith', but uses 'pbkdf1' as algorithm.
 verifyPassword :: ByteString -> ByteString -> Bool
diff --git a/pwstore-fast.cabal b/pwstore-fast.cabal
--- a/pwstore-fast.cabal
+++ b/pwstore-fast.cabal
@@ -1,5 +1,5 @@
 Name:                pwstore-fast
-Version:             2.4.2
+Version:             2.4.3
 Synopsis:            Secure password storage.
 Description:         To store passwords securely, they should be salted,
                      then hashed with a slow hash function. This library
