diff --git a/lib/HashAlgorithm/Cleartext.php b/lib/HashAlgorithm/Cleartext.php
index 428ea83..e5a60bd 100644
--- a/lib/HashAlgorithm/Cleartext.php
+++ b/lib/HashAlgorithm/Cleartext.php
@@ -50,6 +50,6 @@ class Cleartext implements HashAlgorithm
      */
     public function checkPassword($password, $dbHash)
     {
-        return $password === $dbHash;
+        return hash_equals($dbHash, $password);
     }
 }
diff --git a/lib/HashAlgorithm/CourierMD5.php b/lib/HashAlgorithm/CourierMD5.php
index 42d6e7b..25476eb 100644
--- a/lib/HashAlgorithm/CourierMD5.php
+++ b/lib/HashAlgorithm/CourierMD5.php
@@ -44,7 +44,7 @@ class CourierMD5 implements HashAlgorithm
      */
     public function checkPassword($password, $dbHash)
     {
-        return $this->getPasswordHash($password) === $dbHash;
+        return hash_equals($dbHash, $this->getPasswordHash($password));
     }
 
     /**
diff --git a/lib/HashAlgorithm/CourierMD5Raw.php b/lib/HashAlgorithm/CourierMD5Raw.php
index 3d31819..dbdfc04 100644
--- a/lib/HashAlgorithm/CourierMD5Raw.php
+++ b/lib/HashAlgorithm/CourierMD5Raw.php
@@ -42,7 +42,7 @@ class CourierMD5Raw implements HashAlgorithm
      */
     public function checkPassword($password, $dbHash)
     {
-        return $this->getPasswordHash($password) === $dbHash;
+        return hash_equals($dbHash, $this->getPasswordHash($password));
     }
 
     /**
diff --git a/lib/HashAlgorithm/CourierSHA1.php b/lib/HashAlgorithm/CourierSHA1.php
index 2553c61..21f3a44 100644
--- a/lib/HashAlgorithm/CourierSHA1.php
+++ b/lib/HashAlgorithm/CourierSHA1.php
@@ -44,7 +44,7 @@ class CourierSHA1 implements HashAlgorithm
      */
     public function checkPassword($password, $dbHash)
     {
-        return $this->getPasswordHash($password) === $dbHash;
+        return hash_equals($dbHash, $this->getPasswordHash($password));
     }
 
     /**
diff --git a/lib/HashAlgorithm/CourierSHA256.php b/lib/HashAlgorithm/CourierSHA256.php
index c7e4c94..0951d59 100644
--- a/lib/HashAlgorithm/CourierSHA256.php
+++ b/lib/HashAlgorithm/CourierSHA256.php
@@ -44,7 +44,7 @@ class CourierSHA256 implements HashAlgorithm
      */
     public function checkPassword($password, $dbHash)
     {
-        return $this->getPasswordHash($password) === $dbHash;
+        return hash_equals($dbHash, $this->getPasswordHash($password));
     }
 
     /**
diff --git a/lib/HashAlgorithm/MD5.php b/lib/HashAlgorithm/MD5.php
index f87db67..8b43bb2 100644
--- a/lib/HashAlgorithm/MD5.php
+++ b/lib/HashAlgorithm/MD5.php
@@ -42,7 +42,7 @@ class MD5 implements HashAlgorithm
      */
     public function checkPassword($password, $dbHash)
     {
-        return $this->getPasswordHash($password) === $dbHash;
+        return hash_equals($dbHash, $this->getPasswordHash($password));
     }
 
     /**
diff --git a/lib/HashAlgorithm/SHA1.php b/lib/HashAlgorithm/SHA1.php
index 086a527..b59b9c2 100644
--- a/lib/HashAlgorithm/SHA1.php
+++ b/lib/HashAlgorithm/SHA1.php
@@ -42,7 +42,7 @@ class SHA1 implements HashAlgorithm
      */
     public function checkPassword($password, $dbHash)
     {
-        return $this->getPasswordHash($password) === $dbHash;
+        return hash_equals($dbHash, $this->getPasswordHash($password));
     }
 
     /**