instance method `secure_compare`

Ruby on Rails 4.0.13

Since v2.3.18 Last seen in v4.1.16 Private

Available in: v2.3.18 v3.0.20 v3.1.12 v3.2.22.5 v4.0.13 v4.1.16

Compare with:

secure_compare(a, b)

constant-time comparison algorithm to prevent timing attacks

Parameters

a req
b req

Source

# File activesupport/lib/active_support/message_verifier.rb, line 53
      def secure_compare(a, b)
        return false unless a.bytesize == b.bytesize

        l = a.unpack "C#{a.bytesize}"

        res = 0
        b.each_byte { |byte| res |= byte ^ l.shift }
        res == 0
      end

Defined in activesupport/lib/active_support/message_verifier.rb line 53 · View on GitHub · Improve this page · Find usages on GitHub

Defined in ActiveSupport::MessageVerifier

Signature

Parameters