What that mean: Compare two strings $a and $b in length-constant time?

When you usually compare if two strings are equal or not, the algorithm stops if it encounters the first unequality.

Like this: "aaa" == "aba"? First character? Both "a". Second character? "a" isn't "b", so stop here to save time. The last character does not get compared.

When comparing security relevant strings, an attacker might get a clue which character is correct and which is wrong because of the runtime of such a comparison function.

Consider for a moment the unsafe practice of having plain text passwords. If the attacker could find out whether or not the first character of his guessed password is correct by measuring how long the password comparison runs, he needs only about 62 guesses (alphabetic characters lower and upper case, and numbers) to know the first letter. With one letter the runtime was longer because that first letter was identical to the real password, and the second letter got compared. Now that second letter gets iterated. And after 62 more guesses, is known.

This weakens security a lot, because without knowing if the first letter is right, you'd need 62*62 guesses for a two-letter password. With a clue, you only need 62 + 62 guesses.

A length-constant comparison function compares all the letters, and only at the end reveals whether or not the strings match. That way you cannot get a clue which letter is already right.

Hashing strings mixes up things a bit, but because you cannot know if the attacker has pre-generated a bunch of hashes, or is generating them on the fly and does NOT brute-force the corresponding password if the hash would not match, you do not want anybody to know WHERE that hash does not match. It's a small added security component, but a very important one.