Module: SecureCompare
- Defined in:
- lib/securecompare.rb,
lib/securecompare/version.rb
Constant Summary collapse
- VERSION =
"1.0.0"
Class Method Summary collapse
-
.secure_compare(a, b) ⇒ Object
(also: compare)
constant-time comparison algorithm to prevent timing attacks; borrowed from ActiveSupport::MessageVerifier.
Class Method Details
.secure_compare(a, b) ⇒ Object Also known as: compare
constant-time comparison algorithm to prevent timing attacks; borrowed from ActiveSupport::MessageVerifier
5 6 7 8 9 10 11 12 13 |
# File 'lib/securecompare.rb', line 5 def secure_compare(a, b) return false unless a.bytesize == b.bytesize l = a.unpack("C#{a.bytesize}") res = 0 b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end |