No need to have avoid timing side-channel attack in user_add. We're just going to tell you if the user already exists anyway.

doc/security.mdwn

@@ -8,7 +8,7 @@ Here is an overview of how user passwords are currently being stored in Plinth.
 
 1. We check if the username or password is empty. If so, return an error message.
 
-2. Use bcrypt (from passlib) to encrypt the password and generate a random salt. This step is performed regardless of whether the user already exists.
+2. Use bcrypt (from passlib) to encrypt the password and generate a random salt.
 
 3. If the password length is over 4096, bcrypt raises an exception. We catch this exception and return an error message.
 

modules/installed/lib/auth.py

@@ -24,17 +24,15 @@ def add_user(username, passphrase, name='', email='', expert=False):
     if not passphrase: error = "Must specify a passphrase!"
 
     if error is None:
-        # hash the password whether the user exists, to foil timing
+        if username in map(lambda x: x[0], cfg.users.get_all()):
-        # side-channel attacks
+            error = "User already exists!"
+        else:
             try:
                 pass_hash = bcrypt.encrypt(passphrase)
             except PasswordSizeError:
                 error = "Password is too long."
 
     if error is None:
-        if username in map(lambda x: x[0], cfg.users.get_all()):
-            error = "User already exists!"
-        else:
         di = {
             'username':username,
             'name':name,