Sha256: 66ef6256520c7d4af3ef4757e313f4f4faaf7cf089a6b5b6f94244df3364d4c4
Contents?: true
Size: 829 Bytes
Versions: 1
Compression:
Stored size: 829 Bytes
Contents
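# frozen_string_literal: true

require "digest"

module ActiveSupport
  module SecurityUtils
    # Compares two strings byte by byte without stopping at the first
    # mismatch.
    #
    # The values compared should be of fixed length, such as strings
    # that have already been processed by HMAC. This should not be used
    # on variable length plaintext strings: the method returns early when
    # the byte sizes differ, so the length of the expected value can leak
    # through timing. Use +variable_size_secure_compare+ for such input.
    #
    # Returns +true+ only when both arguments hold the same bytes.
    def secure_compare(a, b)
      # Early exit on a size mismatch; this is the length leak described above.
      return false unless a.bytesize == b.bytesize

      expected = a.bytes
      diff = 0
      # OR together the XOR of every byte pair so that each byte is visited
      # whether or not an earlier pair already differed.
      b.each_byte { |byte| diff |= byte ^ expected.shift }
      diff.zero?
    end
    module_function :secure_compare

    # Compares two strings of arbitrary length by comparing their SHA-256
    # hex digests with +secure_compare+. Both digests have the same size, so
    # the early size check in +secure_compare+ never fires on the raw inputs.
    #
    # Returns +true+ only when both arguments hold the same bytes.
    def variable_size_secure_compare(a, b) # :nodoc:
      # The trailing byte comparison is evaluated only after the digests have
      # matched. It keeps two different inputs that share a digest from being
      # accepted. +String#b+ makes it compare raw bytes, as the digest does,
      # so differing encoding tags do not change the result.
      secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b)) && a.b == b.b
    end
    module_function :variable_size_secure_compare
  end
end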
Version data entries
1 entries across 1 versions & 1 rubygems
Version | Path |
---|---|
ruby-on-quails-0.1.0 | activesupport/lib/active_support/security_utils.rb |