Hacker News new | past | comments | ask | show | jobs | submit login

I believe that Ruby's Digest == method suffers from a similar issue. It uses rb_str_cmp to compare the hex strings, which uses rb_memcmp to do the comparison which uses memcmp.

The implementation of memcmp bails out as soon as it finds a difference:

  #include <stddef.h>

  int
  memcmp(const void *s1, const void *s2, size_t len)
  {
    register const unsigned char *a = (const unsigned char*)s1;
    register const unsigned char *b = (const unsigned char*)s2;
    register int tmp;

    /* Returns from inside the loop at the first differing byte, so the
       running time depends on how long the common prefix is. */
    for (; len; --len) {
        if ((tmp = *a++ - *b++))
            return tmp;
    }
    return 0;
  }
I suppose I ought to be reporting that somewhere. OK, I just told the security alias for Ruby about it.
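The following is an added example, not code from the comment above and not Ruby's own implementation. It puts a data-dependent compare in the style of the memcmp shown above next to a constant-time compare of the kind a Digest-style equality check should use, and it exposes how many bytes the early-exit version examines before stopping, which is the quantity a timing measurement would reveal. The digest strings and all function names (early_exit_compare, early_exit_steps, ct_equal, hexdigest_equal) are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Data-dependent comparison in the style of the memcmp above. Returns 0 when
 * the buffers match; otherwise returns the byte difference and stops looking.
 * *bytes_examined records how far the loop got, which is what leaks. */
int early_exit_compare(const unsigned char *a, const unsigned char *b,
                       size_t len, size_t *bytes_examined)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (a[i] != b[i]) {
            *bytes_examined = i + 1;
            return (int)a[i] - (int)b[i];
        }
    }
    *bytes_examined = len;
    return 0;
}

/* Convenience wrapper: how many bytes the early-exit compare touches for two
 * NUL-terminated strings of equal length (the shorter length is used). */
size_t early_exit_steps(const char *a, const char *b)
{
    size_t len = strlen(a) < strlen(b) ? strlen(a) : strlen(b);
    size_t n = 0;
    early_exit_compare((const unsigned char *)a, (const unsigned char *)b, len, &n);
    return n;
}

/* Constant-time equality: every byte is visited no matter where the first
 * difference is, and mismatches are OR-ed into an accumulator instead of
 * steering control flow. volatile discourages the compiler from turning the
 * loop back into an early exit. Returns 1 if equal, 0 otherwise. */
int ct_equal(const void *a, const void *b, size_t len)
{
    const volatile unsigned char *pa = (const volatile unsigned char *)a;
    const volatile unsigned char *pb = (const volatile unsigned char *)b;
    unsigned char acc = 0;
    size_t i;
    for (i = 0; i < len; i++)
        acc |= (unsigned char)(pa[i] ^ pb[i]);
    return acc == 0;
}

/* Hex-digest comparison as an == on digest strings should behave: the length
 * follows from the hash algorithm and is public, so a length mismatch may be
 * rejected immediately; equal-length digests are compared in constant time. */
int hexdigest_equal(const char *expected, const char *supplied)
{
    size_t la = strlen(expected), lb = strlen(supplied);
    if (la != lb)
        return 0;
    return ct_equal(expected, supplied, la);
}

int main(void)
{
    /* Constructed 64-hex-character digests: one differs in the 2nd byte, the
     * other only in the 64th byte. */
    const char *good  = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
    const char *early = "0f23456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
    const char *late  = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcde0";

    printf("early-exit compare, mismatch at byte 2 : %zu bytes examined\n",
           early_exit_steps(good, early));
    printf("early-exit compare, mismatch at byte 64: %zu bytes examined\n",
           early_exit_steps(good, late));
    printf("constant-time compare: good==early -> %d, good==late -> %d, good==good -> %d\n",
           hexdigest_equal(good, early), hexdigest_equal(good, late),
           hexdigest_equal(good, good));
    return 0;
}
```

The two printed byte counts (2 and 64) are the signal an attacker would be measuring through timing; ct_equal does the same amount of work in all three cases, and hexdigest_equal only short-circuits on the public length.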
