Module: Convoy::Util
- Defined in:
- lib/convoy/util.rb
Class Method Summary collapse
-
.secure_compare(str_a, str_b) ⇒ Object
Constant time string comparison to prevent timing attacks Code borrowed from ActiveSupport.
Class Method Details
.secure_compare(str_a, str_b) ⇒ Object
Constant time string comparison to prevent timing attacks Code borrowed from ActiveSupport
5 6 7 8 9 10 11 12 13 |
# File 'lib/convoy/util.rb', line 5 def self.secure_compare(str_a, str_b) return false unless str_a.bytesize == str_b.bytesize l = str_a.unpack "C#{str_a.bytesize}" res = 0 str_b.each_byte { |byte| res |= byte ^ l.shift } res.zero? end |