
Module: ActiveSupport::SecurityUtils

Relationships & Source Files
Defined in: activesupport/lib/active_support/security_utils.rb

Class Method Details

.fixed_length_secure_compare(a, b) (mod_func)

See additional method definition at line 11.

Raises:

  • (ArgumentError)

  
# File 'activesupport/lib/active_support/security_utils.rb', line 15

def fixed_length_secure_compare(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
end

.secure_compare(a, b) (mod_func)

Secure string comparison for strings of variable length.

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.


  
# File 'activesupport/lib/active_support/security_utils.rb', line 33

def secure_compare(a, b)
  a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
end
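
The length caveat above, as an added example that is not part of the Rails source or this documentation. `CompareDemo` is a hypothetical module that re-declares the two methods shown on this page so the code runs without ActiveSupport; `length_hiding_compare` and `rejects_length_mismatch?` are hypothetical helpers, and the key and token values are constructed.

```ruby
require "openssl"
require "securerandom"

# Local stand-ins mirroring the two methods documented above, so the example
# runs without loading ActiveSupport. CompareDemo is a hypothetical name.
module CompareDemo
  # Constructed per-process key; only used to equalise lengths before comparing.
  HMAC_KEY = SecureRandom.random_bytes(32)

  module_function

  def fixed_length_secure_compare(a, b)
    OpenSSL.fixed_length_secure_compare(a, b)
  end

  # Returns false as soon as the byte sizes differ, which is the length
  # signal the documentation warns about.
  def secure_compare(a, b)
    a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
  end

  # Hypothetical helper, not part of ActiveSupport: both inputs are reduced to
  # 32-byte HMAC-SHA256 tags, so the comparison never branches on input length.
  def length_hiding_compare(a, b)
    tag_a = OpenSSL::HMAC.digest("SHA256", HMAC_KEY, a)
    tag_b = OpenSSL::HMAC.digest("SHA256", HMAC_KEY, b)
    fixed_length_secure_compare(tag_a, tag_b)
  end

  # True when the fixed-length primitive rejects unequal sizes with ArgumentError.
  def rejects_length_mismatch?(a, b)
    fixed_length_secure_compare(a, b)
    false
  rescue ArgumentError
    true
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = "constructed-api-token" # sample value, constructed for this example
  puts "same length, wrong value: #{CompareDemo.secure_compare(secret, 'constructed-api-tokeX')}"
  puts "different length:         #{CompareDemo.secure_compare(secret, 'short')}"
  puts "length-hiding variant:    #{CompareDemo.length_hiding_compare(secret, 'short')}"
  puts "raw primitive raises:     #{CompareDemo.rejects_length_mismatch?(secret, 'short')}"
end
```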