
sodium_memcmp

(PHP 7 >= 7.2.0, PHP 8)

sodium_memcmp - Test for equality in constant-time

Description

sodium_memcmp(#[\SensitiveParameter] string $string1, #[\SensitiveParameter] string $string2): int

Compare two strings in constant-time.

In practice, you almost always want to use hash_equals() instead, since it provides the same logic but returns a bool instead of an int. However, if you're using the return value of a comparison in a calculation that's timing-sensitive, and worried about timing leaks with bool-to-int conversions, sodium_memcmp() is an ideal replacement.

Parameters

string1

String to compare

string2

Other string to compare

Return Values

Returns 0 if both strings are equal; -1 otherwise.
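The following is an added example, not part of the PHP manual. It uses the integer return value directly, as the description suggests: a MAC tag is checked against several keys with no early exit and no bool-to-int conversion. The function name `verify_tag_any_key`, the key-rotation scenario and the sample data are assumptions made for illustration. The length guard is there because sodium_memcmp() throws a SodiumException when the two strings differ in length.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper: verify $tag against the HMAC-SHA256 of $message under
 * every key in $keys (for example the current and previous key during
 * rotation). Returns 0 if any key matches and -1 otherwise, mirroring
 * sodium_memcmp().
 */
function verify_tag_any_key(string $message, string $tag, array $keys): int
{
    // Assumption: tags are raw 32-byte HMAC-SHA256 outputs. The tag length is
    // public, so rejecting a wrong-sized tag here leaks nothing secret, and it
    // keeps sodium_memcmp() from throwing on mismatched lengths.
    if (strlen($tag) !== 32) {
        return -1;
    }

    $result = -1; // all bits set: no key has matched yet
    foreach ($keys as $key) {
        $expected = hash_hmac('sha256', $message, $key, true);
        // sodium_memcmp() yields 0 or -1. ANDing keeps the work in integers:
        // a single 0 clears $result for good, and every key is still checked.
        $result &= sodium_memcmp($expected, $tag);
    }

    return $result;
}

// Constructed sample data.
$keys    = [random_bytes(32), random_bytes(32)];
$message = 'order=1234&amount=10';

// Tag produced with the second key.
$goodTag = hash_hmac('sha256', $message, $keys[1], true);

// Same tag with one bit flipped.
$tamperedTag    = $goodTag;
$tamperedTag[0] = chr(ord($tamperedTag[0]) ^ 0x01);

var_dump(verify_tag_any_key($message, $goodTag, $keys));     // valid tag
var_dump(verify_tag_any_key($message, $tamperedTag, $keys)); // tampered tag
var_dump(verify_tag_any_key($message, 'short', $keys));      // wrong length
```

With an empty key list the function returns -1, so verification fails closed.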


User Contributed Notes 1 note

divinity76 at gmail dot com
5 years ago
Seems to me that this function does the same as the hash_equals() function. hash_equals() has nothing to do with hashes really, it is just a constant-time string equality check function, apparently like sodium_memcmp().