Class Public methods

fixed_length_secure_compare(a, b)

Constant time string comparison, for fixed length strings.

The values compared should be of fixed length, such as strings that have already been processed by HMAC. Raises in case of length mismatch.

# File activesupport/lib/active_support/security_utils.rb, line 10
def fixed_length_secure_compare(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
end

secure_compare(a, b)

Secure string comparison for strings of variable length.

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

# File activesupport/lib/active_support/security_utils.rb, line 32
def secure_compare(a, b)
  a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
end
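
The following is an added example, not part of the Active Support source or of this page: it shows the raise on length mismatch, an HMAC signature check where the length leak of secure_compare is harmless because the tag length is public, and one way to compare a short secret without comparing its raw length. The names `Compare`, `length_hiding_compare`, `valid_signature?` and `fixed_length_mismatch` are hypothetical, and HMAC-ing both sides under a random per-call key is an assumed mitigation that Active Support does not apply for you.

```ruby
require "openssl"
require "securerandom"

# Local stand-ins mirroring the two methods documented above, so the
# example runs without loading Active Support.
module Compare
  def self.fixed_length_secure_compare(a, b)
    OpenSSL.fixed_length_secure_compare(a, b)
  end

  def self.secure_compare(a, b)
    a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
  end
end

# Hypothetical helper for weak, short secrets: both sides are HMAC'd under
# a fresh random key, so the values compared are always 32 bytes and the
# bytesize short-circuit never sees the raw secret or the raw input.
def length_hiding_compare(secret, input)
  key = SecureRandom.bytes(32)
  mac = ->(s) { OpenSSL::HMAC.digest("SHA256", key, s) }
  Compare.fixed_length_secure_compare(mac.call(secret), mac.call(input))
end

# Hypothetical webhook check: the expected tag is an HMAC-SHA256 hex digest
# (always 64 characters), so revealing its length reveals nothing secret.
# A missing header (nil) becomes "" and is rejected by the length check.
def valid_signature?(signing_key, body, presented_hex)
  expected = OpenSSL::HMAC.hexdigest("SHA256", signing_key, body)
  Compare.secure_compare(expected, presented_hex.to_s)
end

# Returns :raised when the fixed-length variant rejects unequal lengths.
def fixed_length_mismatch
  Compare.fixed_length_secure_compare("abcd", "abc")
rescue ArgumentError
  :raised
end
```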