Method: OpenSSL.secure_compare
- Defined in:
- lib/jopenssl/load.rb
.secure_compare(a, b) ⇒ Object
call-seq:
OpenSSL.secure_compare(string, string) -> boolean
Constant time memory comparison. Inputs are hashed using SHA-256 to mask the length of the secret. Returns true if the strings are identical, false otherwise.
66 67 68 69 70 |
# File 'lib/jopenssl/load.rb', line 66 def self.secure_compare(a, b) hashed_a = OpenSSL::Digest.digest('SHA256', a) hashed_b = OpenSSL::Digest.digest('SHA256', b) OpenSSL.fixed_length_secure_compare(hashed_a, hashed_b) && a == b end |