Emarref\Jwt\Encryption\Symmetric::timingSafeEquals PHP Method

timingSafeEquals() public Method

A timing safe equals comparison.
See also: http://blog.ircmaxell.com/2014/11/its-all-about-time.html
public timingSafeEquals ( string $safe, string $user ) : boolean
$safe string The internal (safe) value to be checked
$user string The user submitted (unsafe) value
Returns boolean True if the two strings are identical.
    public function timingSafeEquals($safe, $user)
    {
        if (function_exists('hash_equals')) {
            // hash_equals() takes the known string first, then the user-supplied string
            return hash_equals($safe, $user);
        }
        $safeLen = strlen($safe);
        $userLen = strlen($user);
        /*
         * In general, it's not possible to prevent length leaks. So it's OK to leak the length.
         * @see http://security.stackexchange.com/questions/49849/timing-safe-string-comparison-avoiding-length-leak
         */
        if ($userLen != $safeLen) {
            return false;
        }
        $result = 0;
        for ($i = 0; $i < $userLen; $i++) {
            $result |= ord($safe[$i]) ^ ord($user[$i]);
        }
        return $result === 0;
    }
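
An added example (not code from emarref/jwt) showing where a comparison like this sits when verifying an HS256 token signature. The function names, key and token are constructed for illustration, and only the signature and `alg` header are checked, not the claims.

```php
<?php
// Added illustration: helper names, key and token below are constructed.

function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $text): ?string
{
    // Restore the padding that base64url omits, then decode strictly.
    $padded = $text . str_repeat('=', (4 - strlen($text) % 4) % 4);
    $bin = base64_decode(strtr($padded, '-_', '+/'), true);
    return $bin === false ? null : $bin;
}

function verify_hs256(string $token, string $key): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return false;
    }
    list($header, $payload, $signature) = $parts;
    $headerJson = b64url_decode($header);
    $given = b64url_decode($signature);
    if ($headerJson === null || $given === null) {
        return false;
    }
    $fields = json_decode($headerJson, true);
    if (!is_array($fields) || ($fields['alg'] ?? null) !== 'HS256') {
        return false; // accept only the algorithm this verifier implements
    }
    // Recompute the MAC over the exact header.payload bytes that were received.
    $expected = hash_hmac('sha256', $header . '.' . $payload, $key, true);
    // Known (server-computed) value first, user-supplied value second.
    return hash_equals($expected, $given);
}

// Constructed sample input.
$key    = 'constructed-demo-key';
$signed = b64url_encode('{"alg":"HS256","typ":"JWT"}') . '.' . b64url_encode('{"sub":"demo"}');
$token  = $signed . '.' . b64url_encode(hash_hmac('sha256', $signed, $key, true));
$forged = $signed . '.' . b64url_encode(str_repeat("\0", 32));

var_dump(verify_hs256($token, $key));        // correctly signed token
var_dump(verify_hs256($forged, $key));       // right length, wrong signature
var_dump(verify_hs256('not.a-token', $key)); // malformed: two segments only
```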