//! Hashing helpers for secrets stored at rest (session tokens, OTP codes,
//! magic-link tokens).
//!
//! We use SHA-256 with hex encoding. The values are high-entropy random tokens
//! generated by this crate — a simple digest is sufficient, we don't need an
//! expensive password hash (bcrypt/argon2) because there is nothing to
//! brute-force if the original value is already uniformly random.
use ;
/// Hash a secret for storage. Returns a lowercase hex string (64 chars).
/// Constant-time byte comparison. Always compares the full length of both
/// slices to avoid leaking the matching prefix through timing.