Method: OpenSSL.secure_compare
Defined in: lib/openssl.rb
.secure_compare(a, b) ⇒ Object
:call-seq:
OpenSSL.secure_compare(string, string) -> true or false
Constant time memory comparison. Inputs are hashed using SHA-256 to mask the length of the secret. Returns true if the strings are identical, false otherwise.
This method is expensive due to the SHA-256 hashing. In most cases, where the input lengths are known to be equal or are not sensitive, OpenSSL.fixed_length_secure_compare should be used instead.
# File 'lib/openssl.rb', line 36

def self.secure_compare(a, b)
  hashed_a = OpenSSL::Digest.digest('SHA256', a)
  hashed_b = OpenSSL::Digest.digest('SHA256', b)
  OpenSSL.fixed_length_secure_compare(hashed_a, hashed_b) && a == b
end
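
The following is an added example, not part of the openssl gem's documentation or source, showing when each of the two comparisons described above fits. The method names `valid_api_token?` and `valid_signature?`, the constants, and all sample values are hypothetical and constructed for illustration.

```ruby
require 'openssl'

# Constructed sample secrets, for illustration only.
STORED_TOKEN = 'tok_constructed_sample_0123456789abcdef'
HMAC_KEY     = 'constructed-sample-hmac-key'

# Case 1: the secret's length is itself sensitive and the caller controls
# the length of the input. secure_compare hashes both sides with SHA-256
# first, so the timing-sensitive comparison runs over two 32-byte digests.
def valid_api_token?(presented)
  return false unless presented.is_a?(String)

  OpenSSL.secure_compare(presented, STORED_TOKEN)
end

# Case 2: an HMAC-SHA256 tag in hex is always 64 characters, so its length
# is public. Reject malformed input up front, then use the cheaper
# fixed_length_secure_compare, which raises ArgumentError if the two
# lengths differ.
def valid_signature?(body, presented_hex)
  return false unless presented_hex.is_a?(String) &&
                      presented_hex.match?(/\A\h{64}\z/)

  expected_hex = OpenSSL::HMAC.hexdigest('SHA256', HMAC_KEY, body)
  OpenSSL.fixed_length_secure_compare(presented_hex.downcase, expected_hex)
end

if $PROGRAM_NAME == __FILE__
  body = '{"event":"constructed-sample"}' # constructed request body
  tag  = OpenSSL::HMAC.hexdigest('SHA256', HMAC_KEY, body)

  puts "token ok:        #{valid_api_token?(STORED_TOKEN)}"
  puts "token too short: #{valid_api_token?('tok_')}"
  puts "signature ok:    #{valid_signature?(body, tag)}"
  puts "tampered body:   #{valid_signature?(body + ' ', tag)}"
end
```

Both methods require a version of the openssl gem that provides `OpenSSL.secure_compare` and `OpenSSL.fixed_length_secure_compare`.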