<?php
function hmac_compare(string $a, string $b): bool
{
$random = random_bytes(32);
return hash_hmac('sha256', $a, $random) === hash_hmac('sha256', $b, $random);
}
$key = random_bytes(32);
$x = hash_hmac('sha256', 'test', $key);
$y = hash_hmac('sha256', 'test', $key);
$z = hash_hmac('sha256', 'test2', $key);
var_dump(
hmac_compare($x, $y), // true
hmac_compare($y, $z)
);
preferences:
23.18 ms | 406 KiB | 5 Q