Laravel String Helper Function: equals

The equals method will determine if two strings are the same. The equals method implements a constant-time algorithm, meaning that the time it takes the method to complete does not necessarily increase as the size of the two inputs ($knownString and $userInput) increases. The method returns a boolean value, true if the strings are determined to be equal to one another or false if the strings are determined to not be equal to one another.

The signature for the equals helper method is:

equals($knownString, $userInput)

The following examples will highlight some example usage of the equals method. The returned result of the method will appear above the method call as a comment:

 1use \Illuminate\Support\Str;
 2 
 3// true
 4Str::equals('test string', 'test string');
 5 
 6// true
 7Str::equals('', '');
 8 
 9// false
10Str::equals('AAA', 'aaa');
11 
12// true
13Str::equals(hash('sha256', md5('test')), hash('sha256', md5('test')));

#Security Considerations

The equals method has the possibility of leaking length information about the given inputs if the supplied $knownString and $userInput are of different lengths using timing attacks. This is generally not a major issue, as preventing the leakage of length information is extremely difficult, if not impossible. The equals method does not leak information about the differences between the two strings.

For more information regarding this topic, refer to the following pages and articles:

• http://php.net/manual/en/function.hash-equals.php
• https://en.wikipedia.org/wiki/Time_complexity#Constant_time
• http://blog.ircmaxell.com/2014/11/its-all-about-time.html
• http://security.stackexchange.com/questions/49849/timing-safe-string-comparison-avoiding-length-leak

∎