Module: WebAuthn::SecurityUtils
Defined in: lib/webauthn/security_utils.rb
Class Method Summary
- .secure_compare(first_string, second_string) ⇒ Object
  Constant time string comparison, for variable length strings.
Class Method Details
.secure_compare(first_string, second_string) ⇒ Object
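Constant-time string comparison for variable-length strings. This code was adapted from Rails' ActiveSupport::SecurityUtils.
Both values are first hashed with SHA256, so the constant-time comparison always runs over fixed-length digests and does not leak length information through timing. The trailing `first_string == second_string` is evaluated only when the digests already match, and guards against a SHA256 collision.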
```ruby
# File 'lib/webauthn/security_utils.rb', line 12
def secure_compare(first_string, second_string)
  first_string_sha256 = ::Digest::SHA256.digest(first_string)
  second_string_sha256 = ::Digest::SHA256.digest(second_string)
  SecureCompare.compare(first_string_sha256, second_string_sha256) && first_string == second_string
end
```
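The following added example (not part of webauthn-ruby) shows why the digests are compared instead of the raw strings: it counts the bytes each comparison examines, as a deterministic stand-in for elapsed time. All helper names and sample values are hypothetical, and `xor_compare` stands in for `SecureCompare.compare` purely for illustration.

```ruby
require "digest"

# Hypothetical helper: XOR-accumulates over every byte pair and reports how
# many bytes it examined. Illustration only; it is not a vetted constant-time
# primitive and is not what the method above calls.
def xor_compare(a, b)
  raise ArgumentError, "length mismatch" unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  [diff.zero?, a.bytesize]
end

# Weak variant: returns before touching any byte when the lengths differ, so
# the amount of work reveals whether the guess has the secret's length.
def length_leaking_compare(secret, guess)
  return [false, 0] unless secret.bytesize == guess.bytesize

  xor_compare(secret, guess)
end

# Pattern from the method above: compare fixed-size SHA256 digests, then
# confirm with == so a digest collision cannot pass.
def digest_first_compare(secret, guess)
  equal, examined = xor_compare(Digest::SHA256.digest(secret), Digest::SHA256.digest(guess))
  [equal && secret == guess, examined]
end

# Constructed sample values, not real credentials.
SECRET = "constructed-sample-secret"
GUESSES = ["x", "x" * SECRET.bytesize, SECRET + "-longer", SECRET].freeze

# Runs one comparison strategy over every guess: [[result, bytes_examined], ...]
def work_profile(compare)
  GUESSES.map { |guess| send(compare, SECRET, guess) }
end

if __FILE__ == $PROGRAM_NAME
  p work_profile(:length_leaking_compare)
  p work_profile(:digest_first_compare)
end
```

The weak variant examines 0 bytes for wrong-length guesses and `SECRET.bytesize` bytes otherwise, while the digest-first variant examines 32 bytes for every guess.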