Method: BCrypt::Password#==

Defined in:
lib/bcrypt/password.rb

#==(secret) ⇒ Object Also known as: is_password?

Compares a potential secret against the hash by hashing it with the stored salt and comparing the result. Returns true if the secret is the original secret, false otherwise.

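Comparison edge case/gotcha: the result depends on which operand is on the left, because Ruby dispatches == to the left-hand object.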

secret = "my secret"
@password = BCrypt::Password.create(secret)

# BCrypt::Password#== hashes its argument with the stored salt, so only the
# original plaintext matches. Passing the hash itself means the hash string
# is what gets hashed, and the result differs.
@password == secret              # => true
@password == @password           # => false
@password == @password.to_s      # => false
# Here the left operand is the to_s result, so BCrypt::Password#== is not the
# method called; the comparison is presumably plain String#== on the text.
@password.to_s == @password      # => true
@password.to_s == @password.to_s # => true

# Always put the BCrypt::Password on the left when verifying a secret.
secret == @password              # => probably false, because the secret is not a BCrypt::Password instance.


# File 'lib/bcrypt/password.rb', line 78

# Checks a candidate secret against this stored hash (also exposed as
# is_password?).
#
# The candidate is hashed with the salt kept in @salt via
# BCrypt::Engine.hash_secret, and the resulting digest is compared with
# self byte by byte.
#
# secret - the plaintext candidate to verify.
#
# Returns true when the freshly computed digest equals self, false otherwise
# (including when either string is blank or their byte sizes differ).
def ==(secret)
  candidate = BCrypt::Engine.hash_secret(secret, @salt)

  # Blank or differently sized digests can never match. This guard does
  # return early; only the byte loop below runs independently of content.
  comparable = !candidate.strip.empty? && !strip.empty? && candidate.bytesize == bytesize
  return false unless comparable

  # OR together the XOR of every byte pair instead of stopping at the first
  # mismatch, so the time taken does not reveal where the strings diverge.
  diff = (0...bytesize).reduce(0) do |acc, idx|
    acc | (getbyte(idx) ^ candidate.getbyte(idx))
  end
  diff.zero?
end