module Svix
Constant time string comparison, for fixed length strings. Code borrowed from ActiveSupport github.com/rails/rails/blob/75ac626c4e21129d8296d4206a1960563cc3d4aa/activesupport/lib/active_support/security_utils.rb#L33
The values compared should be of fixed length, such as strings that have already been processed by HMAC. Raises in case of length mismatch.
Constants
- VERSION
Public Class Methods
# File src/svix/util.rb, line 11 def fixed_length_secure_compare(a, b) OpenSSL.fixed_length_secure_compare(a, b) end
Secure string comparison for strings of variable length.
While a timing attack would not be able to discern the content of a secret compared via secure_compare
, it is possible to determine the secret length. This should be considered when using secure_compare
to compare weak, short secrets to user input.
# File src/svix/util.rb, line 33 def secure_compare(a, b) a.length == b.length && fixed_length_secure_compare(a, b) end
Private Instance Methods
# File src/svix/util.rb, line 11 def fixed_length_secure_compare(a, b) OpenSSL.fixed_length_secure_compare(a, b) end
Secure string comparison for strings of variable length.
While a timing attack would not be able to discern the content of a secret compared via secure_compare
, it is possible to determine the secret length. This should be considered when using secure_compare
to compare weak, short secrets to user input.
# File src/svix/util.rb, line 33 def secure_compare(a, b) a.length == b.length && fixed_length_secure_compare(a, b) end