module ActiveSupport::SecurityUtils

def fixed_length_secure_compare(a, b)

def fixed_length_secure_compare(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
end

def fixed_length_secure_compare(a, b)

def fixed_length_secure_compare(a, b)
  raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize
  l = a.unpack "C#{a.bytesize}"
  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

def secure_compare(a, b)

to compare weak, short secrets to user input.
the secret length. This should be considered when using secure_compare
a secret compared via secure_compare, it is possible to determine
While a timing attack would not be able to discern the content of

Secure string comparison for strings of variable length.

def secure_compare(a, b)
  a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
end

Instance Methods

# fixed_length_secure_compare
# fixed_length_secure_compare
# secure_compare

Defined in

lib/active_support/security_utils.rb

Modules

Classes

module ActiveSupport::SecurityUtils

def fixed_length_secure_compare(a, b)

def fixed_length_secure_compare(a, b)

def secure_compare(a, b)

Instance Methods

Defined in