diff --git a/readme.md b/readme.md
index 11e3623..70e531e 100644
--- a/readme.md
+++ b/readme.md
@@ -1,4 +1,4 @@
-# Barzahlen Payment Module PHP SDK (v2.0.0)
+# Barzahlen Payment Module PHP SDK (v2.0.1)
 [![Build Status](https://travis-ci.org/Barzahlen/Barzahlen-PHP.svg?branch=master)](https://travis-ci.org/Barzahlen/Barzahlen-PHP) [![Total Downloads](https://poser.pugx.org/barzahlen/barzahlen-php/downloads)](https://packagist.org/packages/barzahlen/barzahlen-php)
diff --git a/src/Client.php b/src/Client.php
index 2c9c7cd..3adcabf 100644
--- a/src/Client.php
+++ b/src/Client.php
@@ -26,7 +26,7 @@ class Client
 /**
 * @var string
 */
- private $userAgent = 'PHP SDK v2.0.0';
+ private $userAgent = 'PHP SDK v2.0.1';
 /**
diff --git a/src/Middleware.php b/src/Middleware.php
index ff3e7ec..ba981bc 100644
--- a/src/Middleware.php
+++ b/src/Middleware.php
@@ -30,4 +30,30 @@ public static function generateSignature($host, $method, $path, $query, $date, $
 return hash_hmac('sha256', $signatureString, $key);
 }
+
+ /**
+ * @param string $first
+ * @param string $second
+ * @return boolean
+ *
+ * Workaround for PHP < 5.6 by: asphp at dsgml dot com
+ * Source: https://php.net/manual/en/function.hash-equals.php#115635
+ */
+ public static function stringsEqual($first, $second)
+ {
+ if (function_exists('hash_equals')) {
+ return hash_equals($first, $second);
+ }
+
+ if (strlen($first) != strlen($second)) {
+ return false;
+ }
+
+ $res = $first ^ $second;
+ $ret = 0;
+ for ($i = strlen($res) - 1; $i >= 0; $i--) {
+ $ret |= ord($res[$i]);
+ }
+ return !$ret;
+ }
 }
diff --git a/src/Webhook.php b/src/Webhook.php
index 556a326..a862814 100644
--- a/src/Webhook.php
+++ b/src/Webhook.php
@@ -36,6 +36,6 @@ public function verify($header, $body)
 $this->paymentKey
 );
- return $header['HTTP_BZ_SIGNATURE'] == 'BZ1-HMAC-SHA256 ' . $signature;
+ return Middleware::stringsEqual($header['HTTP_BZ_SIGNATURE'], 'BZ1-HMAC-SHA256 ' . $signature);
 }
 }
\ No newline at end of file
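Review bot: The two branches of the new `stringsEqual()` do not agree on non-string input: `hash_equals()` refuses it (a warning on PHP 5.6/7, a `TypeError` for an array on PHP 8, as far as I recall), while the hand-rolled fallback below the `function_exists` check silently coerces, so `stringsEqual(null, '')` is `true` on the fallback path because both `strlen()` calls yield 0 and the XOR loop never runs. Since `Webhook::verify()` feeds a raw request header into this method, I would reject non-strings before either branch: `if (!is_string($first) || !is_string($second)) { return false; }`. The docblock should also say which argument is trusted, mirroring `hash_equals($known_string, $user_string)`, e.g. `@param string $first Expected value (trusted)` and `@param string $second Value under test (attacker-controlled)`, and `@return boolean` is better written `@return bool`. The early `return false` on a length mismatch is inherent to `hash_equals()` too and is fine here, but it is worth a one-line comment that it leaks only the length of the first argument.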
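Review bot: The argument order on the new `return` line in `Webhook::verify()` is the reverse of the `hash_equals($known_string, $user_string)` convention the helper wraps: `$header['HTTP_BZ_SIGNATURE']` is attacker-controlled and belongs in the second slot, the locally computed value in the first, i.e. `return Middleware::stringsEqual('BZ1-HMAC-SHA256 ' . $signature, $header['HTTP_BZ_SIGNATURE']);`. The length-mismatch short-circuit reveals the length of the first argument only; that is harmless today because the expected `BZ1-HMAC-SHA256 ` + 64 hex chars has a fixed length, but the correct order keeps the guarantee if the helper is reused elsewhere. A request without the header also currently raises an undefined-index notice and compares `null`; guard it with `if (!isset($header['HTTP_BZ_SIGNATURE'])) { return false; }` before the comparison. `verify()` starts before this hunk, so the `$signature` computation is not visible here.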
diff --git a/tests/ClientTest.php b/tests/ClientTest.php
index fb432ea..9d132ae 100644
--- a/tests/ClientTest.php
+++ b/tests/ClientTest.php
@@ -21,7 +21,7 @@ public function setUp()
 public function testDefaultUserAgent()
 {
- $this->assertAttributeEquals('PHP SDK v2.0.0', 'userAgent', $this->client);
+ $this->assertAttributeEquals('PHP SDK v2.0.1', 'userAgent', $this->client);
 }
 public function testSetUserAgent()
@@ -41,7 +41,7 @@ public function testBuildHeaderWithIdempotency()
 $header = $this->client->buildHeader($request);
 $this->assertEquals('Host: api.barzahlen.de', $header[0]);
 $this->assertContains('Date: ', $header[1]);
- $this->assertEquals('User-Agent: PHP SDK v2.0.0', $header[2]);
+ $this->assertEquals('User-Agent: PHP SDK v2.0.1', $header[2]);
 $this->assertRegExp('/^Authorization: BZ1-HMAC-SHA256 DivisionId=12345, Signature=[a-f0-9]{64}$/', $header[3]);
 $this->assertRegExp('/^Idempotency-Key: [a-f0-9]{32}$/', $header[4]);
 }
@@ -54,7 +54,7 @@ public function testBuildHeaderWithoutIdempotencyForSandbox()
 $header = $client->buildHeader($request);
 $this->assertEquals('Host: api-sandbox.barzahlen.de', $header[0]);
 $this->assertContains('Date: ', $header[1]);
- $this->assertEquals('User-Agent: PHP SDK v2.0.0', $header[2]);
+ $this->assertEquals('User-Agent: PHP SDK v2.0.1', $header[2]);
 $this->assertRegExp('/^Authorization: BZ1-HMAC-SHA256 DivisionId=12345, Signature=[a-f0-9]{64}$/', $header[3]);
 $this->assertArrayNotHasKey(4, $header);
 }
diff --git a/tests/MiddlewareTest.php b/tests/MiddlewareTest.php
index e77f1f3..bc4d68b 100644
--- a/tests/MiddlewareTest.php
+++ b/tests/MiddlewareTest.php
@@ -21,4 +21,28 @@ public function testGenerateSignature()
 $this->assertEquals('35764655afcf2121602a5493b58020d3b6b9d75b4150c7395acf6114ae0ba49c', $signature);
 }
+
+ public function testStringsEqualInvalidLength()
+ {
+ $first = 'thisisarandomstring123';
+ $second = 'thisisanotherrandomstring123';
+
+ $this->assertFalse(Middleware::stringsEqual($first, $second));
+ }
+
+ public function testStringsEqualInvalidContent()
+ {
+ $first = 'thisisarandomstring123';
+ $second = 'thisisarandomstring124';
+
+ $this->assertFalse(Middleware::stringsEqual($first, $second));
+ }
+
+ public function testStringsEqualValid()
+ {
+ $first = 'thismustbeavalidhash';
+ $second = 'thismustbeavalidhash';
+
+ $this->assertTrue(Middleware::stringsEqual($first, $second));
+ }
 }
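Review bot: None of the three new tests reaches the hand-rolled XOR loop in `Middleware::stringsEqual()`, because on any interpreter that has `hash_equals()` the helper returns from its first branch; the fallback this commit adds is only exercised if the CI matrix includes PHP 5.5 or older, which I cannot see from here. I would move the fallback into its own method, e.g. `stringsEqualFallback($first, $second)`, and point a copy of these three cases at it so both code paths are covered regardless of the PHP version running the suite. Two further cases are cheap and worth having: strings of equal length that differ only in the first byte (the loop walks from the end), and two empty strings, which must compare equal.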