module ActiveSupport::SecurityUtils

Public Class Methods

fixed_length_secure_compare(a, b)
# File lib/active_support/security_utils.rb, line 11
def fixed_length_secure_compare(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
end

secure_compare(a, b)

Secure string comparison for strings of variable length.

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

# File lib/active_support/security_utils.rb, line 33
def secure_compare(a, b)
  a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
end

Private Instance Methods

fixed_length_secure_compare(a, b)
# File lib/active_support/security_utils.rb, line 11
def fixed_length_secure_compare(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
end

secure_compare(a, b)

Secure string comparison for strings of variable length.

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

# File lib/active_support/security_utils.rb, line 33
def secure_compare(a, b)
  a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
end
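
The length caveat described for secure_compare, with one way to avoid it, as an added example that is not part of ActiveSupport or of this page's source. The TokenCheck module, its method names and the sample values are hypothetical, and it assumes a Ruby whose openssl library provides OpenSSL.fixed_length_secure_compare, as the source above does.

```ruby
require "openssl"
require "securerandom"

# Hypothetical helper module for this example; not part of ActiveSupport.
module TokenCheck
  # Per-process random key: the tags below are only compared with each other.
  HMAC_KEY = SecureRandom.random_bytes(32)

  module_function

  # Same shape as the secure_compare shown above: the bytesize test returns
  # early on a length mismatch, which is what exposes the secret's length.
  def secure_compare(a, b)
    a.bytesize == b.bytesize && OpenSSL.fixed_length_secure_compare(a, b)
  end

  # The fixed-length primitive rejects unequal lengths outright, which is
  # why secure_compare has to test bytesize before calling it.
  def rejects_length_mismatch?(a, b)
    OpenSSL.fixed_length_secure_compare(a, b)
    false
  rescue ArgumentError
    true
  end

  # Length-hiding variant: both inputs become 32-byte HMAC-SHA256 tags, so
  # the constant-time comparison always runs over equal-length strings and
  # there is no early exit tied to the secret's length.
  def length_hiding_compare(secret, candidate)
    OpenSSL.fixed_length_secure_compare(
      OpenSSL::HMAC.digest("SHA256", HMAC_KEY, secret),
      OpenSSL::HMAC.digest("SHA256", HMAC_KEY, candidate)
    )
  end
end

# Constructed sample values, not real credentials.
SECRET = "s3cr3t-api-token-0001"

TokenCheck.secure_compare(SECRET, "short")            # false, via the early length exit
TokenCheck.length_hiding_compare(SECRET, "short")     # false, after the full comparison
TokenCheck.length_hiding_compare(SECRET, SECRET.dup)  # true
```

Hashing does not make a weak, short secret harder to guess; it only removes the length signal from the comparison.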