Project

secure_compare

0.0
No commit activity in last 3 years
No release in over 3 years
secure_comparemgates/secure_compareHomepageDocumentationSource CodeBug TrackerWiki
This is a copy of ActiveSupport::MessageVerifier.secure_compare, pulled out.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
55,076
Stars
0
Forks
1
Watchers
1
 Releases
Current version
0.0.1
Total releases
1
First release
2014-06-19
Latest release
2014-06-19
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2014-06-19
Reverse Dependencies
3

 Dependencies

Development

bundler
~> 1.3
rake
>= 0
 Project Readme

SecureCompare

This is a copy of ActiveSupport::MessageVerifier.secure_compare, pulled out.

Use this to prevent timing attacks when you are checking tokens, or whatnot.

See: http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/

Installation

Add this line to your application's Gemfile:

gem 'secure_compare'

And then execute:

$ bundle

Or install it yourself as:

$ gem install secure_compare

Usage

SecureCompare.compare(secret_token, what_they_sent)

Tests

ruby -Ilib:test -Ilib test/test.rb

Contributing

You shouldn't need to. If you do, open an issue on github.