Source of file Utils.php
Size: 1,329 Bytes - Last Modified: 2014-03-12T23:21:18+01:00
/home/theseer/Downloads/ZendFramework-2.3.0/library/Zend/Crypt/Utils.php
12345678910111213141516171819202122232425262728293031323334353637383940414243444546 | <?php /** * Zend Framework (http://framework.zend.com/) * * @link http://github.com/zendframework/zf2 for the canonical source repository * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com) * @license http://framework.zend.com/license/new-bsd New BSD License */ namespace Zend\Crypt; /** * Tools for cryptography */ class Utils { /** * Compare two strings to avoid timing attacks * * C function memcmp() internally used by PHP, exits as soon as a difference * is found in the two buffers. That makes possible of leaking * timing information useful to an attacker attempting to iteratively guess * the unknown string (e.g. password). * * @param string $expected * @param string $actual * @return bool */ public static function compareStrings($expected, $actual) { $expected = (string) $expected; $actual = (string) $actual; $lenExpected = strlen($expected); $lenActual = strlen($actual); $len = min($lenExpected, $lenActual); $result = 0; for ($i = 0; $i < $len; $i++) { $result |= ord($expected[$i]) ^ ord($actual[$i]); } $result |= $lenExpected ^ $lenActual; return ($result === 0); } } |