diff --git a/src/Utils.cpp b/src/Utils.cpp
index 186c8720a2..f32b49c099 100644
--- a/src/Utils.cpp
+++ b/src/Utils.cpp
@@ -81,7 +81,11 @@ int Utils::MACThenDecrypt(const uint8_t* shared_secret, uint8_t* dest, const uin
 sha.update(src + CIPHER_MAC_SIZE, src_len - CIPHER_MAC_SIZE);
 sha.finalizeHMAC(shared_secret, PUB_KEY_SIZE, hmac, CIPHER_MAC_SIZE);
 }
- if (memcmp(hmac, src, CIPHER_MAC_SIZE) == 0) {
+ // Constant-time MAC compare: memcmp() returns at the first non-matching byte,
+ // leaking byte-of-first-mismatch via timing.
+ uint8_t diff = 0;
+ for (int k = 0; k < CIPHER_MAC_SIZE; k++) diff |= hmac[k] ^ src[k];
+ if (diff == 0) {
 return decrypt(shared_secret, dest, src + CIPHER_MAC_SIZE, src_len - CIPHER_MAC_SIZE);
 }
 return 0; // invalid HMAC
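Review bot: The constant-time compare is open-coded inside `MACThenDecrypt`, and the language does not guarantee that the optimizer keeps the OR-accumulate loop free of data-dependent branches. Consider moving it into one shared helper, e.g. `static bool constTimeEqual(const uint8_t* a, const uint8_t* b, size_t n)`, so every MAC or tag check uses the same audited routine and a later edit cannot quietly reintroduce `memcmp`. The loop reads `src[0..CIPHER_MAC_SIZE-1]` and the next call passes `src_len - CIPHER_MAC_SIZE`, but the function body starts and ends outside this hunk, so please confirm that an earlier guard rejects `src_len` below `CIPHER_MAC_SIZE`. If there is none, add one before the HMAC is computed, along the lines of `if (src_len < CIPHER_MAC_SIZE) return 0;`. Minor: `hmac[k] ^ src[k]` promotes to `int`, so an explicit `static_cast<uint8_t>(...)` on the right-hand side documents the narrowing and keeps `-Wconversion` builds quiet.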