Fully Qualified Name: | Zend\Crypt\Utils |
Tools for cryptography
Name | Description | Defined By |
---|---|---|
compareStrings() | Compare two strings to avoid timing attacks | Utils |
Compare two strings to avoid timing attacks
C function memcmp() internally used by PHP, exits as soon as a difference is found in the two buffers. That makes possible of leaking timing information useful to an attacker attempting to iteratively guess the unknown string (e.g. password). The length will leak.
Parameter Name | Type | Description |
---|---|---|
$expected | string | |
$actual | string |
Returns: bool