Module: ActiveSupport::SecurityUtils
Defined in: activesupport/lib/active_support/security_utils.rb
Class Method Summary
- .fixed_length_secure_compare(a, b) (mod_func): Constant time string comparison, for fixed length strings.
- .secure_compare(a, b) (mod_func): Secure string comparison for strings of variable length.
Class Method Details
.fixed_length_secure_compare(a, b) (mod_func)
Constant time string comparison, for fixed length strings.
The values compared should be of fixed length, such as strings that have already been processed by HMAC. Raises in case of length mismatch.
See additional method definition at line 10.
# File 'activesupport/lib/active_support/security_utils.rb', line 14
def fixed_length_secure_compare(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
end
.secure_compare(a, b) (mod_func)
Secure string comparison for strings of variable length.
While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.
# File 'activesupport/lib/active_support/security_utils.rb', line 32
def secure_compare(a, b)
  a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
end
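The following is an added example, not part of the Rails source or of this documentation page. It shows the two caveats above in practice: handling the length-mismatch error when one side is untrusted input, and running both values through HMAC first so the compared strings are always the same length. `SecurityUtilsDemo`, `BLIND_KEY`, `length_hiding_compare` and `valid_signature?` are hypothetical names; the stand-in module copies the two method bodies shown above so the example runs without Rails, and all keys and inputs are constructed.

```ruby
require "openssl"
require "securerandom"

# Stand-in for ActiveSupport::SecurityUtils (assumption: Rails is not loaded);
# the two bodies are the ones listed on this page.
module SecurityUtilsDemo
  module_function

  def fixed_length_secure_compare(a, b)
    OpenSSL.fixed_length_secure_compare(a, b)
  end

  def secure_compare(a, b)
    a.bytesize == b.bytesize && fixed_length_secure_compare(a, b)
  end
end

# Random per-process key used only to blind values before comparison.
BLIND_KEY = SecureRandom.bytes(32)

# Hypothetical helper: compare a short secret with untrusted input without the
# bytesize short-circuit. Both sides become 32-byte HMAC-SHA256 digests, so the
# fixed-length comparison never sees (or reveals) the original lengths.
def length_hiding_compare(secret, candidate)
  a = OpenSSL::HMAC.digest("SHA256", BLIND_KEY, secret)
  b = OpenSSL::HMAC.digest("SHA256", BLIND_KEY, candidate)
  SecurityUtilsDemo.fixed_length_secure_compare(a, b)
end

# Hypothetical webhook check: the expected tag is an HMAC and therefore fixed
# length, but the supplied tag is caller-controlled and may be any length.
def valid_signature?(key, body, supplied_hex)
  expected = OpenSSL::HMAC.hexdigest("SHA256", key, body)
  SecurityUtilsDemo.fixed_length_secure_compare(expected, supplied_hex)
rescue ArgumentError
  false # length mismatch raises; report a failed check instead of an error
end
```
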