Zend\Crypt\Utils::compareStrings
Compare two strings to avoid timing attacks
The C function memcmp(), used internally by PHP, exits as soon as it finds a difference between the two buffers. This can leak timing information useful to an attacker attempting to iteratively guess an unknown string (e.g. a password).
Signature
public function compareStrings(string $expected, string $actual)
Parameters
$expected — string
$actual — string
Returns
- bool
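
The early-exit behaviour described above, next to a comparison that always inspects every byte. This is an added example, not Zend\Crypt's own code: the function names earlyExitCompare and constantTimeCompare, the key and the message are constructed for illustration. Each function returns the number of bytes it inspected, so the difference shows up without a timer.

```php
<?php
declare(strict_types=1);

// Early-exit comparison (the memcmp()-style behaviour described above).
// Returns [equal, bytesInspected].
function earlyExitCompare(string $expected, string $actual): array
{
    if (strlen($expected) !== strlen($actual)) {
        return [false, 0];
    }
    for ($i = 0, $n = strlen($expected); $i < $n; $i++) {
        if ($expected[$i] !== $actual[$i]) {
            // Work done depends on the length of the matching prefix.
            return [false, $i + 1];
        }
    }
    return [true, $n];
}

// Constant-time comparison: inspect every byte, OR the differences together,
// and decide only once at the end. Returns [equal, bytesInspected].
function constantTimeCompare(string $expected, string $actual): array
{
    $diff = strlen($expected) ^ strlen($actual); // a length mismatch also fails
    $n = min(strlen($expected), strlen($actual));
    for ($i = 0; $i < $n; $i++) {
        $diff |= ord($expected[$i]) ^ ord($actual[$i]);
    }
    return [$diff === 0, $n];
}

// Constructed sample data: a MAC over a request and two wrong candidates.
$expected  = hash_hmac('sha256', 'user=alice', 'constructed-demo-key');
$wrongHead = ($expected[0] === '0' ? '1' : '0') . substr($expected, 1);
$wrongTail = substr($expected, 0, -1) . ($expected[63] === '0' ? '1' : '0');

$cases = ['wrong first byte' => $wrongHead, 'wrong last byte' => $wrongTail];
foreach ($cases as $label => $candidate) {
    [, $naive] = earlyExitCompare($expected, $candidate);
    [, $safe]  = constantTimeCompare($expected, $candidate);
    printf("%-16s early-exit: %2d bytes, constant-time: %2d bytes\n",
        $label, $naive, $safe);
}

// PHP 5.6+ ships hash_equals() with the same property; prefer it when present.
var_dump(hash_equals($expected, $wrongTail));
```

The early-exit version inspects 1 byte for the first candidate and 64 for the second, while the constant-time version inspects 64 bytes in both cases.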