@electronicbites
Last active August 29, 2015 14:02
Bcrypt Encryption, Decryption copied from devise
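require 'bcrypt'
require 'active_support/core_ext/object/blank' # provides String#blank?

# These methods belong in a model that exposes `encrypted_password` and
# class-level `pepper` and `stretches`, as a Devise model does.

# constant-time comparison algorithm to prevent timing attacks
def secure_compare(a, b)
  # A length mismatch returns early; only the byte loop below is constant-time.
  return false if a.blank? || b.blank? || a.bytesize != b.bytesize
  l = a.unpack "C#{a.bytesize}"

  res = 0
  # OR together the XOR of every byte pair, with no early exit on a mismatch.
  b.each_byte { |byte| res |= byte ^ l.shift }
  res == 0
end

# Verifies whether a password (i.e. from sign in) is the user password.
def valid_password?(password)
  return false if encrypted_password.blank?
  # The stored digest carries its own version, cost and salt.
  bcrypt = ::BCrypt::Password.new(encrypted_password)
  # Re-hash the candidate plus pepper with the stored salt, then compare digests.
  password = ::BCrypt::Engine.hash_secret("#{password}#{self.class.pepper}", bcrypt.salt)
  secure_compare(password, encrypted_password)
end

# Digests the password using bcrypt. Custom encryption should override
# this method to apply their own algorithm.
#
# See https://github.com/plataformatec/devise-encryptable for examples
# of other encryption engines.
def password_digest(password)
  ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
end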
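
An added example, not part of the gist or of Devise: it splits a stored digest into the fields that `valid_password?` relies on through `bcrypt.salt`, and measures how much of the pepper survives bcrypt's 72-byte input limit when the input is built as `"#{password}#{pepper}"`. The helper names, the sample digest and the sample pepper are constructed for illustration.

```ruby
# Added example: stdlib only, no bcrypt gem required. All names are hypothetical.

BCRYPT_MAX_INPUT = 72 # bcrypt ignores input bytes beyond this limit

# Constructed, format-valid digest (not the hash of any real password).
SAMPLE_DIGEST = "$2a$10$" + "abcdefghijklmnopqrstuv" + "ABCDEFGHIJKLMNOPQRSTUVWXYZ01234"

BCRYPT_FORMAT = %r{\A(\$(2[abxy]?)\$(\d\d)\$[./A-Za-z0-9]{22})([./A-Za-z0-9]{31})\z}

# Split a stored digest into its fields. :salt is the 29-character prefix
# (version, cost and 22 salt characters), the part valid_password? feeds
# back into the hash via bcrypt.salt.
def split_bcrypt_digest(digest)
  m = BCRYPT_FORMAT.match(digest.to_s)
  raise ArgumentError, "not a bcrypt digest" unless m
  { version: m[2], cost: m[3].to_i, salt: m[1], checksum: m[4] }
end

# Number of pepper bytes that still reach bcrypt when the input is built
# as "#{password}#{pepper}".
def pepper_bytes_used(password, pepper)
  room = BCRYPT_MAX_INPUT - password.bytesize
  [[room, 0].max, pepper.bytesize].min
end

# True when two candidates are indistinguishable to bcrypt, i.e. their
# peppered inputs share the same first 72 bytes.
def same_bcrypt_input?(a, b, pepper)
  [a, b].map { |pw| "#{pw}#{pepper}".byteslice(0, BCRYPT_MAX_INPUT) }.uniq.size == 1
end

if __FILE__ == $PROGRAM_NAME
  p split_bcrypt_digest(SAMPLE_DIGEST)
  pepper = "p" * 32 # constructed pepper
  [8, 60, 80].each do |len|
    puts "password of #{len} bytes: #{pepper_bytes_used('x' * len, pepper)} pepper bytes used"
  end
end
```

Capping password length so that password plus pepper stays within 72 bytes keeps every pepper byte in the hashed input.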