digest.secure_is_equal()

A boolean function that returns true if s1 and s2 are equal. Comparison time varies on the length of s1 and s2 but not the contents of s1 and s2. For strings of the same length, the comparison is done in constant time to defend against timing attacks.

Format

BOOL
digest.secure_is_equal(STRING_LIST s1, STRING_LIST s2)

Examples

1
2
3
if (!(table.lookup(user2hashedpass, req.http.User) && digest.secure_is_equal(req.http.HashedPass, table.lookup(user2hashedpass, req.http.User)))) {
  error 401 "Unauthorized";
}