NAME

PAGI::Utils::SecureCompare - Constant-time string comparison

SYNOPSIS

use PAGI::Utils::SecureCompare qw(secure_compare);

if (secure_compare($submitted_token, $expected_token)) {
    ...
}

FUNCTIONS

secure_compare($a, $b)

Compares two strings in constant time (the comparison always walks the full length of $a rather than short-circuiting on the first mismatch), to prevent timing attacks that could otherwise leak how many leading characters of a secret matched.

Returns false if either argument is undef or if the strings differ in length -- the length check itself is not constant-time, but length alone does not leak the secret's content.

SEE ALSO

PAGI::Middleware::CSRF and PAGI::Context both use this function so there is exactly one constant-time comparison implementation in the distribution.