diff --git a/lndc/conn.go b/lndc/conn.go
index 06868f505..19134a8b7 100644
--- a/lndc/conn.go
+++ b/lndc/conn.go
@@ -3,6 +3,7 @@ package lndc
 import (
 	"bytes"
 	"crypto/cipher"
+	"crypto/hmac"
 	"encoding/binary"
 	"fmt"
 	"net"
@@ -181,7 +182,7 @@ func (c *LNDConn) authPubKey(
 
 	// Verify that their proof matches our locally computed version.
 	theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
-	if bytes.Equal(resp, theirDHproof) == false {
+	if !hmac.Equal(resp, theirDHproof) {
 		return fmt.Errorf("invalid DH proof %x", theirDHproof)
 	}
 
@@ -232,7 +233,7 @@ func (c *LNDConn) authPKH(
 	theirDHproof := btcutil.Hash160(append(localEphPubBytes, idDH[:]...))
 
 	// Verify that their DH proof matches the one we just generated.
-	if bytes.Equal(resp[33:], theirDHproof) == false {
+	if !hmac.Equal(resp[33:], theirDHproof) {
 		return fmt.Errorf("Invalid DH proof %x", theirDHproof)
 	}