Skip to content

Commit

Permalink
Improve safeStringCompare using xor (#77)
Browse files Browse the repository at this point in the history
  • Loading branch information
@richterdennis @dcodeIO
richterdennis authored and dcodeIO committed Mar 5, 2018
1 parent 127318c commit 648482a
Showing 1 changed file with 4 additions and 11 deletions.
15 changes: 4 additions & 11 deletions src/bcrypt.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -198,18 +198,11 @@ bcrypt.hash = function(s, salt, callback, progressCallback) {
* @inner
*/
function safeStringCompare(known, unknown) {
var right = 0,
wrong = 0;
for (var i=0, k=known.length; i<k; ++i) {
if (known.charCodeAt(i) === unknown.charCodeAt(i))
++right;
else
++wrong;
var diff = known.length ^ unknown.length;
for (var i=0, i<known.length; ++i) {

This comment has been minimized.

Sign in to view

Copy link
@ZaDarkSide

ZaDarkSide Feb 6, 2025

There is a syntax error because of a , instead of a ;

Syntax error: for (var i=0, i<known.length; ++i) {
Corrected for (var i=0; i<known.length; ++i) {
diff |= known.charCodeAt(i) ^ unknown.charCodeAt(i);
}
// Prevent removal of unused variables (never true, actually)
if (right < 0)
return false;
return wrong === 0;
return diff === 0;
}

/**
Expand Down

0 comments on commit 648482a

Please sign in to comment.