@speedmax
Created September 7, 2009 03:06
Monkey patch Rails to fix bug #3144
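module ActiveSupport
  class MessageVerifier
    private

    # Constant-time comparison to prevent timing attacks on the signature check.
    # Array#== returns at the first differing element, so every byte pair is
    # XORed and the result is inspected only after the whole input is read.
    def secure_compare(a, b)
      # Fall back to unpack where String#bytes is not available.
      x = a.respond_to?(:bytes) ? a.bytes.to_a : a.unpack('C*')
      y = b.respond_to?(:bytes) ? b.bytes.to_a : b.unpack('C*')
      return false unless x.length == y.length

      result = 0
      x.each_with_index { |byte, i| result |= byte ^ y[i] }
      result == 0
    end
  end
end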
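
Why a signature comparison must not stop at the first mismatch, shown by counting the work each strategy does. This is an added example, not part of the gist or of Rails; `CountedByte`, `wrap`, `array_eq_work`, `xor_compare` and the sample strings are hypothetical names and constructed values.

```ruby
# Instrumented byte: counts every == call so a comparison's work is visible.
class CountedByte
  class << self
    attr_accessor :calls
  end
  self.calls = 0

  attr_reader :value

  def initialize(value)
    @value = value
  end

  def ==(other)
    CountedByte.calls += 1
    value == other.value
  end
end

def wrap(str)
  str.unpack('C*').map { |b| CountedByte.new(b) }
end

# Array#== on the two byte arrays; returns [equal?, element comparisons made].
def array_eq_work(a, b)
  CountedByte.calls = 0
  [wrap(a) == wrap(b), CountedByte.calls]
end

# XOR-accumulate comparison; returns [equal?, bytes examined].
def xor_compare(a, b)
  x = a.unpack('C*')
  y = b.unpack('C*')
  return [false, 0] unless x.length == y.length

  diff = 0
  x.each_with_index { |byte, i| diff |= byte ^ y[i] }
  [diff == 0, x.length]
end

# Constructed sample values, not real signatures.
EXPECTED = 'a3f1c29b7d'
CANDIDATES = ['03f1c29b7d', 'a3f1c09b7d', 'a3f1c29b70', EXPECTED]

CANDIDATES.each do |c|
  puts format('%s  Array#== %2d  XOR %2d', c, array_eq_work(EXPECTED, c)[1], xor_compare(EXPECTED, c)[1])
end
```

The work done by `Array#==` tracks the position of the first differing byte, while the XOR loop reads all bytes for every equal-length input.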