module Devise

def self.secure_compare(a, b)

constant-time comparison algorithm to prevent timing attacks

def self.secure_compare(a, b)
  return false if a.blank? || b.blank? || a.bytesize != b.bytesize
  l = a.unpack "C#{a.bytesize}"
  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

Class Methods