diff --git a/project.clj b/project.clj
index 5cf45b6..e8595e7 100644
--- a/project.clj
+++ b/project.clj
@@ -1,4 +1,4 @@
-(defproject clj-jwt "0.0.9"
+(defproject clj-jwt "0.0.10"
 :description "Clojure library for JSON Web Token(JWT)"
 :url "https://github.com/liquidz/clj-jwt"
 :license {:name "Eclipse Public License"
@@ -7,6 +7,7 @@
 [org.clojure/data.json "0.2.5"]
 [org.clojure/data.codec "0.1.0"]
 [org.bouncycastle/bcprov-jdk15 "1.46"]
+ [crypto-equality "1.0.0"]
 [clj-time "0.8.0"]] :profiles {:dev {:dependencies [[midje "1.6.3" :exclusions [org.clojure/clojure]]]}}
diff --git a/src/clj_jwt/sign.clj b/src/clj_jwt/sign.clj
index 9761d09..1d3fb62 100644
--- a/src/clj_jwt/sign.clj
+++ b/src/clj_jwt/sign.clj
@@ -1,6 +1,7 @@
 (ns clj-jwt.sign
 (:require
- [clj-jwt.base64 :refer [url-safe-encode-str url-safe-decode]]))
+ [clj-jwt.base64 :refer [url-safe-encode-str url-safe-decode]]
+ [crypto.equality :as creq]))
 (java.security.Security/addProvider (org.bouncycastle.jce.provider.BouncyCastleProvider.))
@@ -17,7 +18,7 @@
 (defn- hmac-verify
 "Function to verify data and signature with HMAC algorithm."
 [alg key body signature & {:keys [charset] :or {charset "UTF-8"}}]
- (= signature (hmac-sign alg key body :charset charset)))
+ (creq/eq? signature (hmac-sign alg key body :charset charset)))
 ; RSA
 (defn- rsa-sign
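Review bot: The docstring of `hmac-verify` in the last hunk does not record why the comparison on the `creq/eq?` line is no longer `=`, so a later cleanup could revert it and make the check timing-dependent again. I would extend it to something like `"Verify data and signature with HMAC; the comparison uses crypto.equality/eq? so its timing does not depend on where the strings differ. Do not replace with =."` It is also worth confirming that `creq/eq?` returns false rather than throwing when `signature` is nil or has a different length than the computed MAC, since this argument presumably comes from the untrusted token. As far as this diff shows, no test accompanies the change; a small case asserting that a tampered or missing signature is rejected would pin the behaviour.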