This article seems confused. To successfully execute a timing attack against the hash equality comparison, an attacker would need to be able to generate passwords hashing to arbitrary chosen prefixes, which means that your hash function is super broken.
Out of curiosity, if you were to write a constant time comparison that always compares every byte, will some compilers just optimize that away and replace it with something that returns false on the first unequal byte?