module SecureCompare

Constants

VERSION

Public Class Methods

compare(a, b)

Alias for: secure_compare

secure_compare(a, b) click to toggle source

constant-time comparison algorithm to prevent timing attacks; borrowed from ActiveSupport::MessageVerifier

# File lib/securecompare.rb, line 5
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  l = a.unpack("C#{a.bytesize}")

  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

Also aliased as: compare

Private Instance Methods

secure_compare(a, b) click to toggle source

constant-time comparison algorithm to prevent timing attacks; borrowed from ActiveSupport::MessageVerifier

# File lib/securecompare.rb, line 5
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  l = a.unpack("C#{a.bytesize}")

  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

Also aliased as: compare