0.36
No release in over 3 years
Low commit activity in last 3 years
securecompare borrows the secure_compare private method from ActiveSupport::MessageVerifier which lets you do safely compare strings without being vulnerable to timing attacks. Useful for Basic HTTP Authentication in your rack/rails application.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

~> 1.3
>= 0
 Project Readme

Build Status Gem Version Dependency Status Code Climate

securecompare

securecompare is a gem that implements a constant time string comparison method safe for use in cryptographic functions.

Description

securecompare borrows the secure_compare private method from ActiveSupport::MessageVerifier which lets you do safely compare strings without being vulnerable to timing attacks. Useful for Basic HTTP Authentication in your rack/rails application.

Installation

Add this line to your application's Gemfile:

gem "securecompare"

And then execute:

$ bundle install

Or install it yourself as:

$ gem install securecompare

Usage

require "securecompare"

SecureCompare.compare("password", "password") # => true
SecureCompare.compare("password", "passw0rd") # => false
require "securecompare"

class Password < String
  include SecureCompare

  def ==(other)
    secure_compare(self, other)
  end
end

Password.new("password") == "password" # => true
Password.new("password") == "passw0rd" # => false
require "securecompare"

class ApplicationController < ActionController::Base
  include SecureCompare

  before_filter :authenticate

  proctected
  def authenticate
    authenticate_or_request_with_http_basic("My Rails App") do |username, password|
      secure_compare(username, "username") & secure_compare(password, "password")
    end
  end
end

Contributing

Fork, branch & pull request.