lithium\security\Hash::compare()

public static method

Compares two hashes in constant time to prevent timing attacks.

To successfully mitigate timing attacks and not leak the actual length of the known hash, it is important that both provided hash strings have the same length and that the user-supplied hash string is passed as a second parameter rather than first.

An E_USER_WARNING will be emitted when either of the supplied parameters is not a string.

Parameters

string $known
The hash string of known length to compare against.
string $user
The user-supplied hash string.

Returns

boolean

Returns a boolean indicating whether the two hash strings are equal.

Source

	public static function compare($known, $user) {
		return hash_equals($known, $user);
	}

li3

lithium\security\Hash::compare()

Parameters

Returns

Links

Source