module ActiveSupport::SecurityUtils
def secure_compare(a, b)
Constant time string comparison.
The values compared should be of fixed length, such as strings
that have already been processed by HMAC. This should not be used
on variable length plaintext strings because it could leak length info.
# Compares two strings byte by byte without stopping at the first mismatch.
#
# Returns false straight away when the byte sizes differ, so the length of
# the inputs is not hidden; callers should pass fixed-length values (for
# example HMAC output) rather than variable-length plaintext.
# Returns true only when every byte of +a+ equals the matching byte of +b+.
def secure_compare(a, b)
  return false if a.bytesize != b.bytesize

  expected = a.bytes
  diff = 0
  # OR together the XOR of each byte pair: the loop always visits every byte
  # of +b+, and any differing pair leaves at least one bit set in +diff+.
  b.each_byte.with_index { |byte, idx| diff |= byte ^ expected[idx] }
  diff.zero?
end
def variable_size_secure_compare(a, b) # :nodoc:
# Compares two strings that may differ in length.
#
# Both inputs are reduced to SHA-256 hex digests first, so secure_compare
# always receives two strings of the same size and its length check does
# not depend on the original input lengths. The result reflects equality
# of the digests, not a direct comparison of +a+ and +b+.
def variable_size_secure_compare(a, b) # :nodoc:
  digest_a = ::Digest::SHA256.hexdigest(a)
  digest_b = ::Digest::SHA256.hexdigest(b)
  secure_compare(digest_a, digest_b)
end