method

secure_compare

v6.1.3.1 - Show latest stable - Class: ActiveSupport::SecurityUtils

secure_compare(a, b)

private

Secure string comparison for strings of variable length.

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

# File activesupport/lib/active_support/security_utils.rb, line 33
    def secure_compare(a, b)
      a.length == b.length && fixed_length_secure_compare(a, b)
    end

secure_compare

Related methods