Similar to PR #196, but for other languages that need a simple, standalone, constant-time secure comparison function.
secureCompare for Ruby:

```ruby
# Run a constant-time comparison against two strings to determine equality.
# Useful for performing cryptographic comparison / avoiding timing attacks.
#
# @param [String] a
# @param [String] b
# @return [Boolean]
def secureCompare(a, b)
  # Compare byte lengths: String#length counts characters, not bytes.
  if a.bytesize != b.bytesize then
    return false
  end
  result = 0
  # Pair bytes by position. Building a Hash from the pairs would collapse
  # repeated bytes in `a` into one key and skip positions.
  a.bytes.zip(b.bytes).each do |x, y|
    result |= x ^ y
  end
  return result == 0
end
```
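secureCompare for NodeJS

```js
var bufferEq = require('buffer-equal-constant-time');

function secureCompare(a, b) {
  // Declare the buffers locally (the original leaked them as globals) and
  // use Buffer.from() in place of the deprecated new Buffer() constructor.
  var bufA = Buffer.from(a);
  var bufB = Buffer.from(b);
  return bufferEq(bufA, bufB);
}
```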
secureCompare for PHP

```php
<?php
function secureCompare($a, $b) {
    $bytes_a = unpack("C*", $a);
    $bytes_b = unpack("C*", $b);
    $cmplen = count($bytes_a);
    if ($cmplen !== count($bytes_b)) {
        return false;
    }
    $result = 0;
    // The result from unpack() is 1-indexed instead of 0-indexed.
    for ($i = 1; $i <= $cmplen; $i++) {
        $result |= $bytes_a[$i] ^ $bytes_b[$i];
    }
    return $result === 0;
}
?>
```
TODO:

- buffer-equal-constant-time
- hmac.compare_digest or standalone code..? -- done in "Use compare_digest in Python when comparing hex digests" #196
- hmac.Equal or standalone code...?

Resources:
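
An added example, not code from this issue or the project: the functions above return early when the lengths differ, so this Ruby sketch goes one step further and compares HMAC-SHA256 digests of both inputs under a per-call random key, which makes the compared values fixed-length. The names `fixed_length_compare` and `secure_compare_any_length` and the sample strings are constructed for illustration.

```ruby
require 'openssl'
require 'securerandom'

# XOR-accumulate every byte pair; no early exit on the first mismatch.
# Callers must pass strings of equal byte length.
def fixed_length_compare(a, b)
  unless a.bytesize == b.bytesize
    raise ArgumentError, 'inputs must have equal byte length'
  end
  result = 0
  # zip pairs bytes by position, so repeated byte values are all checked.
  a.bytes.zip(b.bytes) { |x, y| result |= x ^ y }
  result.zero?
end

# Compare strings of any length. Both sides are reduced to 32-byte
# HMAC-SHA256 digests under a random one-time key, so the byte loop always
# runs over the same number of bytes regardless of the input lengths.
def secure_compare_any_length(a, b)
  key = SecureRandom.random_bytes(32)
  digest = OpenSSL::Digest.new('SHA256')
  mac_a = OpenSSL::HMAC.digest(digest, key, a)
  mac_b = OpenSSL::HMAC.digest(digest, key, b)
  fixed_length_compare(mac_a, mac_b)
end

# Constructed sample inputs covering cases a comparison helper should be
# tested on: equal values, repeated bytes, unequal lengths, and a
# multi-byte character whose character count matches but byte count differs.
CASES = [
  ['token-abc', 'token-abc'],
  ['aa',        'ba'],
  ['abc',       'abcd'],
  ["\u00e9",    'e']
].freeze

if __FILE__ == $PROGRAM_NAME
  CASES.each do |a, b|
    puts format('%-12s %-12s equal=%s', a.inspect, b.inspect,
                secure_compare_any_length(a, b))
  end
end
```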