Class Utils

Summary

Fully Qualified Name: Zend\Crypt\Utils

Description

Tools for cryptography

Methods

| Name | Description | Defined By |
| --- | --- | --- |
| compareStrings() | Compare two strings to avoid timing attacks | Utils |

Method Details

compareStrings()

Compare two strings to avoid timing attacks

The C function memcmp(), which PHP uses internally, exits as soon as a difference is found between the two buffers. This can leak timing information useful to an attacker attempting to iteratively guess the unknown string (e.g. a password). The length will leak.

| Parameter Name | Type | Description |
| --- | --- | --- |
| $expected | string | |
| $actual | string | |

Returns: bool
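
An added example (not Zend\Crypt's own code) of the kind of comparison described above: a byte-wise compare with no early exit, used to verify an HMAC tag. The helper name constantTimeEquals, the key and the message are constructed for illustration; hash_equals() is PHP's built-in equivalent (PHP 5.6+).

```php
<?php
declare(strict_types=1);

// Hypothetical helper written for this example; not the library's source.
function constantTimeEquals(string $expected, string $actual): bool
{
    $lenExpected = strlen($expected);
    $lenActual   = strlen($actual);

    // A length mismatch is folded into the result rather than returned early.
    // As the description says, the length itself is not hidden.
    $result = $lenExpected ^ $lenActual;

    // Visit every byte of the common prefix. OR-ing the XOR of each pair
    // means the loop never stops at the first difference, unlike memcmp().
    $len = min($lenExpected, $lenActual);
    for ($i = 0; $i < $len; $i++) {
        $result |= ord($expected[$i]) ^ ord($actual[$i]);
    }

    return $result === 0;
}

// Constructed sample data.
$key      = 'example-key-for-illustration-only';
$message  = 'user=alice&role=viewer';
$expected = hash_hmac('sha256', $message, $key); // 64 hex characters

// Two forged tags: one wrong only in its last character, one wrong in its
// first. An early-exit comparison does different amounts of work for these;
// the loop above does the same work for both.
$lateMiss  = substr($expected, 0, -1) . ($expected[63] === '0' ? '1' : '0');
$earlyMiss = ($expected[0] === '0' ? '1' : '0') . substr($expected, 1);

$candidates = [
    'valid'      => $expected,
    'late miss'  => $lateMiss,
    'early miss' => $earlyMiss,
    'short'      => 'abc',
];

foreach ($candidates as $label => $tag) {
    printf("%-10s custom=%s hash_equals=%s\n", $label,
        var_export(constantTimeEquals($expected, $tag), true),
        var_export(hash_equals($expected, $tag), true));
}
```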
