Module: SecureEquals
Defined in: lib/secure_equals.rb
Class Method Summary
- .equal?(mine, theirs) ⇒ Boolean
Provides an equality method on strings that is not vulnerable to timing attacks.
Class Method Details
.equal?(mine, theirs) ⇒ Boolean
Provides an equality method on strings that is not vulnerable to timing attacks.
This prevents attackers from being able to guess the answer byte-by-byte using tiny differences in response time.
# File 'lib/secure_equals.rb', line 11
def self.equal?(mine, theirs)
  return false if mine.nil? || theirs.nil?
  mine = mine.to_str
  theirs = theirs.to_str
  # Unequal lengths return immediately; the loop below only runs for equal-length strings.
  return false unless mine.length == theirs.length
  # OR together the XOR of every character pair so the loop never exits early.
  difference = 0
  0.upto(mine.length - 1) do |i|
    difference |= (mine[i].ord ^ theirs[i].ord)
  end
  difference == 0
end
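The leak that the XOR-and-accumulate loop above closes, shown by counting bytes examined instead of measuring time. This is an added example, not code from lib/secure_equals.rb; the method names, the sample token and the guesses are constructed for illustration, and it compares bytes where the module compares characters.

```ruby
# Early-exit comparison: stops at the first mismatching byte, so the amount
# of work depends on how long a prefix of the guess is correct.
# Returns [result, bytes_examined].
def early_exit_compare(mine, theirs)
  return [false, 0] unless mine.bytesize == theirs.bytesize
  examined = 0
  mine.bytes.zip(theirs.bytes) do |a, b|
    examined += 1
    return [false, examined] if a != b
  end
  [true, examined]
end

# XOR-accumulate comparison in the style of SecureEquals.equal?: every byte
# pair is processed regardless of where the first mismatch occurs.
# Returns [result, bytes_examined].
def constant_work_compare(mine, theirs)
  return [false, 0] unless mine.bytesize == theirs.bytesize
  difference = 0
  examined = 0
  mine.bytes.zip(theirs.bytes) do |a, b|
    difference |= a ^ b
    examined += 1
  end
  [difference.zero?, examined]
end

SECRET = "4f9c2ab17d03e688" # constructed sample token, 16 bytes
GUESSES = [
  "0000000000000000", # no correct prefix
  "4f9c000000000000", # first 4 bytes correct
  "4f9c2ab17d03e680", # first 15 bytes correct
  "4f9c2ab17d03e688"  # fully correct
].freeze

# For each guess: [bytes examined by early exit, bytes examined by XOR loop].
def work_profile(secret, guesses)
  guesses.map do |g|
    [early_exit_compare(secret, g)[1], constant_work_compare(secret, g)[1]]
  end
end

if __FILE__ == $PROGRAM_NAME
  work_profile(SECRET, GUESSES).each_with_index do |(early, fixed), i|
    puts format("%-18s early-exit=%2d  xor-loop=%2d", GUESSES[i], early, fixed)
  end
end
```

The early-exit column grows with the length of the correct prefix, which is the signal a timing attack measures; the XOR-loop column stays at 16 for every equal-length input.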