Tools for cryptography

package Default

 Methods

Compare two strings to avoid timing attacks

compareStrings(string $expected, string $actual) : boolean
Static

C function memcmp() internally used by PHP, exits as soon as a difference is found in the two buffers. That makes possible of leaking timing information useful to an attacker attempting to iteratively guess the unknown string (e.g. password). The length will leak.

Parameters

$expected

string

$actual

string

Returns

boolean