srp: num-bigint isn't constant-time #191
Description
srp is implemented in terms of the num-bigint crate, which automatically eliminates "limbs" in its bignums which contain leading zeros. This leads to all sorts of data-dependent timing behavior, similar to RustCrypto/RSA#19