NAME
PAGI::Utils::SecureCompare - Constant-time string comparison
SYNOPSIS
use PAGI::Utils::SecureCompare qw(secure_compare);
if (secure_compare($submitted_token, $expected_token)) {
...
}
FUNCTIONS
secure_compare($a, $b)
Compares two strings in constant time (the comparison always walks the full length of $a rather than short-circuiting on the first mismatch), to prevent timing attacks that could otherwise leak how many leading characters of a secret matched.
Returns false if either argument is undef or if the strings differ in length -- the length check itself is not constant-time, but length alone does not leak the secret's content.
SEE ALSO
PAGI::Middleware::CSRF and PAGI::Context both use this function so there is exactly one constant-time comparison implementation in the distribution.