ActiveSupport::SecurityUtils

Class Public methods

def fixed_length_secure_compare(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
end

Secure string comparison for strings of variable length.

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

def secure_compare(a, b)
  a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
end
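The length caveat above comes from the `bytesize` check, which returns before any constant-time work when the lengths differ. The following added example (not ActiveSupport code) reproduces the page's comparison next to a length-hiding variant that compares HMAC-SHA256 digests of both inputs. The names `page_secure_compare`, `raises_on_length_mismatch?` and `LengthHidingCompare` are hypothetical, and the per-process random key is an assumption of this sketch.

```ruby
require "openssl"
require "securerandom"

# Same logic as the secure_compare shown on this page, written against
# OpenSSL directly so the file runs without ActiveSupport.
def page_secure_compare(a, b)
  # Short-circuits on a length mismatch: timing reveals the secret's length.
  a.bytesize == b.bytesize && OpenSSL.fixed_length_secure_compare(a, b)
end

# OpenSSL.fixed_length_secure_compare refuses inputs of unequal length,
# which is why the page's wrapper checks bytesize first.
def raises_on_length_mismatch?(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
  false
rescue ArgumentError
  true
end

# Hypothetical helper (not part of ActiveSupport): both inputs are reduced
# to 32-byte HMAC-SHA256 digests, so the constant-time comparison always
# runs over equal-length strings regardless of the secret's length.
module LengthHidingCompare
  # Assumption: a random key generated once per process. It only needs to
  # be unknown to the caller supplying the input.
  KEY = SecureRandom.random_bytes(32)

  def self.digest(value)
    OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA256"), KEY, value)
  end

  def self.compare(a, b)
    OpenSSL.fixed_length_secure_compare(digest(a), digest(b))
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = "s3cret-token" # constructed sample value
  puts page_secure_compare(secret, "s3cret")         # length mismatch path
  puts raises_on_length_mismatch?(secret, "s3cret")
  puts LengthHidingCompare.compare(secret, "s3cret") # full digest compare
  puts LengthHidingCompare.compare(secret, secret.dup)
end
```

Hashing costs time proportional to the input size, so cap the accepted input length before comparing attacker-supplied values.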