Sha256: 03445bbcf87da4d490aab2540fbccede93eed72f590853bbd521417fd59be1c1

Contents?: true

Size: 579 Bytes

Versions: 6

Compression:

Stored size: 579 Bytes

Contents

module CoreExt
  module SecurityUtils
    # Constant time string comparison.
    #
    # The values compared should be of fixed length, such as strings
    # that have already been processed by HMAC. This should not be used
    # on variable length plaintext strings because it could leak length info
    # via timing attacks.
    def secure_compare(a, b)
      return false unless a.bytesize == b.bytesize

      l = a.unpack "C#{a.bytesize}"

      res = 0
      b.each_byte { |byte| res |= byte ^ l.shift }
      res == 0
    end
    module_function :secure_compare
  end
end

Version data entries

6 entries across 6 versions & 1 rubygems

Version Path
core_ext-0.0.6 lib/core_ext/security_utils.rb
core_ext-0.0.5 lib/core_ext/security_utils.rb
core_ext-0.0.4 lib/core_ext/security_utils.rb
core_ext-0.0.3 lib/core_ext/security_utils.rb
core_ext-0.0.2 lib/core_ext/security_utils.rb
core_ext-0.0.1 lib/core_ext/security_utils.rb