module WebAuthn::SecurityUtils
Public Class Methods
secure_compare(first_string, second_string)
click to toggle source
Constant time string comparison, for variable length strings. This code was adapted from Rails ActiveSupport::SecurityUtils
The values are first processed by SHA256, so that we don't leak length info via timing attacks.
# File lib/webauthn/security_utils.rb, line 12 def secure_compare(first_string, second_string) first_string_sha256 = ::Digest::SHA256.digest(first_string) second_string_sha256 = ::Digest::SHA256.digest(second_string) SecureCompare.compare(first_string_sha256, second_string_sha256) && first_string == second_string end
Private Instance Methods
secure_compare(first_string, second_string)
click to toggle source
Constant time string comparison, for variable length strings. This code was adapted from Rails ActiveSupport::SecurityUtils
The values are first processed by SHA256, so that we don't leak length info via timing attacks.
# File lib/webauthn/security_utils.rb, line 12 def secure_compare(first_string, second_string) first_string_sha256 = ::Digest::SHA256.digest(first_string) second_string_sha256 = ::Digest::SHA256.digest(second_string) SecureCompare.compare(first_string_sha256, second_string_sha256) && first_string == second_string end