Zend Framework 3.0
Utils Class Reference

Tools for cryptography.

Static Public Member Functions

static compareStrings ($expected, $actual)
 Compare two strings to avoid timing attacks.
 

Detailed Description

Tools for cryptography.

Member Function Documentation

static compareStrings ($expected, $actual)

Compare two strings to avoid timing attacks.

The C function memcmp(), which PHP uses internally, exits as soon as it finds a difference between the two buffers. This can leak timing information useful to an attacker attempting to iteratively guess the unknown string (e.g. a password). The length will leak.

Parameters
string $expected
string $actual
Returns
bool
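
The early-exit behaviour described above, contrasted with a constant-time comparison, as an added example (not Zend Framework's own code). The function names and the sample token are hypothetical; the step counter is a deterministic stand-in for the timing signal, since it shows how much work each approach does per guess.

```php
<?php
// Added illustration; these functions are hypothetical and not part of Utils.

/** Early-exit comparison modelled on memcmp(); $steps counts bytes examined. */
function earlyExitEquals(string $expected, string $actual, int &$steps): bool
{
    $steps = 0;
    if (strlen($expected) !== strlen($actual)) {
        return false;
    }
    for ($i = 0, $n = strlen($expected); $i < $n; $i++) {
        $steps++;
        if ($expected[$i] !== $actual[$i]) {
            return false; // work done depends on the length of the matching prefix
        }
    }
    return true;
}

/** Constant-time comparison: examines every byte regardless of where they differ. */
function constantTimeEquals(string $expected, string $actual, int &$steps): bool
{
    $steps = 0;
    $lenExpected = strlen($expected);
    $lenActual   = strlen($actual);
    $diff = $lenExpected ^ $lenActual; // a length mismatch fails, but length still leaks
    $len  = min($lenExpected, $lenActual);
    for ($i = 0; $i < $len; $i++) {
        $steps++;
        $diff |= ord($expected[$i]) ^ ord($actual[$i]); // accumulate, never branch
    }
    return $diff === 0;
}

$expected   = 'c0ffee1234abcdef'; // constructed sample token
$candidates = ['x0ffee1234abcdef', 'c0ffeeXXXXXXXXXX', 'c0ffee1234abcdeX', $expected];

foreach ($candidates as $actual) {
    earlyExitEquals($expected, $actual, $early);
    $equal = constantTimeEquals($expected, $actual, $constant);
    printf(
        "%-18s early-exit steps=%2d  constant-time steps=%2d  equal=%s  hash_equals=%s\n",
        $actual, $early, $constant,
        var_export($equal, true),
        var_export(hash_equals($expected, $actual), true)
    );
}
```

The early-exit step count grows with the number of correct leading bytes, while the constant-time count stays fixed for equal-length inputs. PHP's built-in hash_equals() provides the same guarantee and is printed alongside for comparison.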