API Guides

instance method secure_compare

Ruby on Rails 2.3.18

Since v2.3.18 Last seen in v4.1.16 Private

Available in: v2.3.18 v3.0.20 v3.1.12 v3.2.22.5 v4.0.13 v4.1.16 

secure_compare(a, b)

constant-time comparison algorithm to prevent timing attacks

Parameters

a req
b req
Source 
# File activesupport/lib/active_support/message_verifier.rb, line 45
        def secure_compare(a, b)
          a = a.dup.force_encoding(Encoding::BINARY)
          b = b.dup.force_encoding(Encoding::BINARY)

          if a.length == b.length
            result = 0
            for i in 0..(a.length - 1)
              result |= a[i].ord ^ b[i].ord
            end
            result == 0
          else
            false
          end
        end

Defined in activesupport/lib/active_support/message_verifier.rb line 45 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActiveSupport::MessageVerifier

Type at least 2 characters to search.

↑↓ navigate · open · esc close