0.0
No commit activity in last 3 years
No release in over 3 years
This is a copy of ActiveSupport::MessageVerifier.secure_compare, pulled out.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 1.3
>= 0
 Project Readme

SecureCompare

This is a copy of ActiveSupport::MessageVerifier.secure_compare, pulled out.

Use this to prevent timing attacks when you are checking tokens, or whatnot.

See: http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/

Installation

Add this line to your application's Gemfile:

gem 'secure_compare'

And then execute:

$ bundle

Or install it yourself as:

$ gem install secure_compare

Usage

SecureCompare.compare(secret_token, what_they_sent)

Tests

ruby -Ilib:test -Ilib test/test.rb

Contributing

You shouldn't need to. If you do, open an issue on github.