module ActiveSupport::SecurityUtils
Experimental RBS support (using type sampling data from the type_fusion project).
# sig/active_support/security_utils.rbs module ActiveSupport::SecurityUtils def fixed_length_secure_compare: (String a, String b) -> true def fixed_length_secure_compare: (String a, String b) -> true end
def fixed_length_secure_compare(a, b)
Experimental RBS support (using type sampling data from the type_fusion project).
def fixed_length_secure_compare: (String a, String b) -> true
This signature was generated using 1 sample from 1 application.
def fixed_length_secure_compare(a, b) OpenSSL.fixed_length_secure_compare(a, b) end
def fixed_length_secure_compare(a, b)
Experimental RBS support (using type sampling data from the type_fusion project).
def fixed_length_secure_compare: (String a, String b) -> true
This signature was generated using 1 sample from 1 application.
def fixed_length_secure_compare(a, b) raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize l = a.unpack "C#{a.bytesize}" res = 0 b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end
def secure_compare(a, b)
the secret length. This should be considered when using secure_compare
a secret compared via secure_compare, it is possible to determine
While a timing attack would not be able to discern the content of
Secure string comparison for strings of variable length.
def secure_compare(a, b) a.bytesize == b.bytesize && fixed_length_secure_compare(a, b) end