module Svix

Constant-time string comparison for fixed-length strings. Code borrowed from ActiveSupport: github.com/rails/rails/blob/75ac626c4e21129d8296d4206a1960563cc3d4aa/activesupport/lib/active_support/security_utils.rb#L33

The values compared should be of fixed length, such as strings that have already been processed by HMAC. Raises in case of length mismatch.

Constants

VERSION

Public Class Methods

fixed_length_secure_compare(a, b)
# File src/svix/util.rb, line 11
def fixed_length_secure_compare(a, b)
    OpenSSL.fixed_length_secure_compare(a, b)
end
secure_compare(a, b)

Secure string comparison for strings of variable length.

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

# File src/svix/util.rb, line 33
def secure_compare(a, b)
    a.length == b.length && fixed_length_secure_compare(a, b)
end
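
Added example (not code from the Svix source): checking an HMAC-SHA256 tag with the two comparison styles described above, including the length-mismatch case. The `demo_*` names, the key, the body and the base64 tag encoding are assumptions made for illustration.

```ruby
require "openssl"

# Constructed sample values, not real credentials.
DEMO_KEY  = "constructed-demo-key"
DEMO_BODY = '{"event":"ping"}'

# Hypothetical helper: HMAC-SHA256 tag over the body, always 32 bytes.
def demo_tag(key, body)
  OpenSSL::HMAC.digest("SHA256", key, body)
end

# Same shape as secure_compare above: length check first, then the
# constant-time comparison. bytesize is used because OpenSSL compares
# byte lengths. For HMAC tags the length (32 bytes) is public, so the
# early length check reveals nothing an attacker does not already know.
def demo_secure_compare(a, b)
  a.bytesize == b.bytesize && OpenSSL.fixed_length_secure_compare(a, b)
end

# Hypothetical verifier: strictly decode the supplied base64 tag and
# compare it with the tag recomputed from the body.
def demo_verify(key, body, tag_b64)
  supplied = tag_b64.unpack1("m0") # strict base64, raises ArgumentError if malformed
  demo_secure_compare(demo_tag(key, body), supplied)
rescue ArgumentError
  false
end

# Shows the documented "raises in case of length mismatch" behaviour
# of the fixed-length comparison when it is called without a length check.
def demo_raises_on_length_mismatch?(a, b)
  OpenSSL.fixed_length_secure_compare(a, b)
  false
rescue ArgumentError
  true
end
```

A truncated or malformed tag is rejected with `false` rather than an exception, because the length check runs before the fixed-length comparison.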

Private Instance Methods

fixed_length_secure_compare(a, b)

secure_compare(a, b)