This project is archived and is in readonly mode.

#3195 ✓committed
Aaron Patterson

secure compare can be faster

Reported by Aaron Patterson | September 13th, 2009 @ 08:41 AM

ActiveSupport::MessageVerifier#secure_compare can be made faster and yet still be constant time.

I've attached a patch. This patch does not work with 1.8.6, but does work with 1.8.7 and greater.

I've also attached a benchmark. Here are the results from the benchmark on my machine (the first run is 1.8.7, the second is 1.9.1. "kittens" is my implementation):

[apatterson@higgins git]$ ruby bm.rb
Rehearsal ---------------------------------------------
orig =     12.950000   0.050000  13.000000 ( 13.131352)
kittens =  10.200000   0.040000  10.240000 ( 10.363059)
----------------------------------- total: 23.240000sec

                user     system      total        real
orig =     13.690000   0.050000  13.740000 ( 13.885828)
kittens =  10.380000   0.040000  10.420000 ( 10.541784)
[apatterson@higgins git]$ ruby1.9 bm.rb 
Rehearsal ---------------------------------------------
orig =     17.510000   0.090000  17.600000 ( 17.797328)
kittens =   7.590000   0.040000   7.630000 (  7.698660)
----------------------------------- total: 25.230000sec

                user     system      total        real
orig =     18.080000   0.080000  18.160000 ( 18.348804)
kittens =   7.650000   0.040000   7.690000 (  7.759919)
[apatterson@higgins git]$

Thanks!

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

People watching this ticket

Attachments

Referenced by

Pages