February 2011
Interesting commits #1
Devise. [dd721f] Use secure compare as well.

    # constant-time comparison algorithm to prevent timing attacks
    def self.secure_compare(a, b)
      return false unless a.present? && b.present?
      return false unless a.bytesize == b.bytesize
      l = a.unpack "C#{a.bytesize}"

      res = 0
      b.each_byte { |byte| res |= byte ^ l.shift }
      res == 0
    end

In short, a timing attack uses statistical analysis of...
Feb 21st