Tools for cryptography

category Zend
package Zend_Crypt

 Methods

Compare two strings to avoid timing attacks

compareStrings(string $expected, string $actual) : bool

The C function memcmp(), which PHP uses internally, exits as soon as it finds a difference between the two buffers. This can leak timing information useful to an attacker attempting to iteratively guess the unknown string (e.g. a password).

Parameters

$expected

string

$actual

string

Returns

bool
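
The following is an added example, not Zend_Crypt's own code: it contrasts an early-exit comparison like the memcmp() behaviour described above with a fixed-work comparison, counting the bytes examined as a stand-in for elapsed time. The function names earlyExitCompare and fixedWorkCompare and the sample strings are hypothetical and constructed for illustration.

```php
<?php
// Added illustration; function names and sample strings are constructed.

// Early exit, like memcmp(): $steps (bytes examined) stands in for elapsed time.
function earlyExitCompare(string $expected, string $actual, int &$steps): bool
{
    $steps = 0;
    if (strlen($expected) !== strlen($actual)) {
        return false;
    }
    for ($i = 0, $n = strlen($expected); $i < $n; $i++) {
        $steps++;
        if ($expected[$i] !== $actual[$i]) {
            return false; // work done reveals the length of the matching prefix
        }
    }
    return true;
}

// Fixed work: every byte of $actual is examined and differences are OR-ed together.
function fixedWorkCompare(string $expected, string $actual, int &$steps): bool
{
    $steps = 0;
    $lenExpected = strlen($expected);
    $lenActual   = strlen($actual);
    if ($lenExpected === 0) {
        return $lenActual === 0;
    }
    $diff = $lenExpected ^ $lenActual; // a length mismatch also sets bits in $diff
    for ($i = 0; $i < $lenActual; $i++) {
        $steps++;
        $diff |= ord($expected[$i % $lenExpected]) ^ ord($actual[$i]);
    }
    return $diff === 0;
}

$secret  = 'k9Qz-constructed'; // constructed sample value
$guesses = ['x000-00000000000', 'k9Q0-00000000000', 'k9Qz-construc000', $secret];

foreach ($guesses as $guess) {
    $okEarly = earlyExitCompare($secret, $guess, $early);
    $okFixed = fixedWorkCompare($secret, $guess, $fixed);
    // hash_equals() is PHP's built-in timing-safe comparison (PHP >= 5.6).
    $okBuiltin = hash_equals($secret, $guess);
    printf("%-18s early=%2d fixed=%2d match=%s/%s/%s\n", $guess, $early, $fixed,
        var_export($okEarly, true), var_export($okFixed, true), var_export($okBuiltin, true));
}
```

In the output, the early count rises with the length of the matching prefix while the fixed count is the same for every guess, so only the early-exit variant gives a guesser feedback on partial progress.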