Skip to content

Instantly share code, notes, and snippets.

@rennex
Created October 29, 2013 02:17
Show Gist options
  • Save rennex/7208172 to your computer and use it in GitHub Desktop.
Save rennex/7208172 to your computer and use it in GitHub Desktop.
# constant-time comparison algorithm to prevent timing attacks
# (borrowed from devise)
def secure_compare(a, b)
return false if a.bytesize != b.bytesize
l = a.unpack "C#{a.bytesize}"
res = 0
b.each_byte { |byte| res |= byte ^ l.shift }
res == 0
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment