---
title: digest.secure_is_equal
summary: null
url: >-
  https://www.fastly.com/documentation/reference/vcl/functions/cryptographic/digest-secure-is-equal
---

```
BOOL digest.secure_is_equal(STRING s1, STRING s2)
```

**Available in:** all subroutines

Returns `true` if `s1` and `s2` are equal. Comparison 
time varies on the length of `s1` and `s2` but not the contents of `s1` and 
`s2`. For strings of the same length, the comparison is done in constant time 
to defend against timing attacks.

## Example

```vcl
if (!(table.lookup(user2hashedpass, req.http.User) && digest.secure_is_equal(req.http.HashedPass, table.lookup(user2hashedpass, req.http.User)))) {
  error 401 "Unauthorized";
}
```