instance method secure_compare

Ruby on Rails 3.2.22.5

Since v3.2.22.5 Private

Available in: v3.2.22.5 v4.1.16 v4.2.9 v5.2.8.1 v6.0.6 v6.1.7.10 v7.0.10 v7.1.6 v7.2.3 v8.0.4 v8.1.2

Signature

secure_compare(a, b)

Constant time string comparison.

The values compared should be of fixed length, such as strings that have already been processed by HMAC. This should not be used on variable length plaintext strings because it could leak length info via timing attacks.

Parameters

a req
b req

Source
# File activesupport/lib/active_support/security_utils.rb, line 11
    def secure_compare(a, b)
      return false unless a.bytesize == b.bytesize

      l = a.unpack "C#{a.bytesize}"

      res = 0
      b.each_byte { |byte| res |= byte ^ l.shift }
      res == 0
    end

Defined in activesupport/lib/active_support/security_utils.rb line 11

Defined in ActiveSupport::SecurityUtils
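The note above about fixed-length inputs, as an added example (not Rails code): both values are passed through HMAC-SHA256 before the byte-wise comparison, so the early bytesize check always sees two 32-byte tags. The helper names `fixed_length_compare`, `compare_via_hmac`, `valid_signature?` and the constant `COMPARE_KEY` are hypothetical, and the sample secret and payload are constructed.

```ruby
require "openssl"
require "securerandom"

# Same logic as the listing above, restated so this example runs without Rails.
def fixed_length_compare(a, b)
  return false unless a.bytesize == b.bytesize

  res = 0
  a.bytes.zip(b.bytes) { |x, y| res |= x ^ y }
  res == 0
end

# Assumption: a random per-process key is acceptable, because the tags are
# only ever compared with each other and never stored or sent anywhere.
COMPARE_KEY = SecureRandom.random_bytes(32)

# Compare two strings of arbitrary length by comparing their HMAC tags.
# Both tags are 32 bytes, so the bytesize check above cannot reveal the
# length of either input.
def compare_via_hmac(a, b)
  digest = OpenSSL::Digest.new("SHA256")
  tag_a = OpenSSL::HMAC.digest(digest, COMPARE_KEY, a)
  tag_b = OpenSSL::HMAC.digest(digest, COMPARE_KEY, b)
  fixed_length_compare(tag_a, tag_b)
end

# Hypothetical webhook check: recompute the signature over the payload and
# compare it with the caller-supplied value, which may be missing or of any
# length.
def valid_signature?(secret, payload, provided_hex)
  expected = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, payload)
  compare_via_hmac(expected, provided_hex.to_s)
end

if __FILE__ == $PROGRAM_NAME
  secret  = "constructed-demo-secret"        # constructed sample value
  payload = '{"event":"ping"}'               # constructed sample value
  good    = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, payload)

  puts valid_signature?(secret, payload, good)         # matching signature
  puts valid_signature?(secret, payload, good[0, 8])   # truncated signature
  puts valid_signature?(secret, payload, nil)          # header absent
end
```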
