Newlyweds Proposing Marriage

    This package has been deprecated

    Author message:

    Deprecated as it was added to Node.js 6.6.0 as `crypto.timingSafeEqual`

    buffer-equals-constant

    2.0.0 • Public • Published

    Deprecated

    It's included in Node.js 6.6.0 and later.


    buffer-equals-constant Build Status

    Check if two buffers have the same bytes in constant time

    Install

    $ npm install buffer-equals-constant
    

    Usage

    const bufferEqualsConstant = require('buffer-equals-constant');
     
    bufferEqualsConstant(new Buffer('foo'), new Buffer('foo'));
    //=> true
     
    bufferEqualsConstant(new Buffer('foo'), new Buffer('bar'));
    //=> false
     
    bufferEqualsConstant(new Buffer('foo'), new Buffer('foo'), 512);
    //=> true

    API

    bufferEqualsConstant(a, b, [minComp])

    Returns a boolean of whether a and b have the same bytes.

    a

    Type: Buffer

    Buffer to compare.

    b

    Type: Buffer

    Buffer to compare.

    minComp

    Type: number
    Default: Math.max(a.length, b.length)

    Minimal number of comparisons used to determine equality.

    If the length of a or b depends on the input of your algorithm, a possible attacker may gain information about these lengths by varying the input:

    const secret = new Buffer('secret');
    bufferEqualsConstant(input, secret);

    Based on the execution time of different input.length an attacker may discover secret.length === 6, because bufferEqualsConstant will perform the same number of operations for all input with 0 <= input.length <= secret.length, but needs more operations if input.length > secret.length.

    To alleviate this problem minComp can be used:

    bufferEqualsConstant(input, new Buffer('secret'), 1024);

    Related

    License

    MIT © Sindre Sorhus

    Install

    npm i buffer-equals-constant

    DownloadsWeekly Downloads

    427

    Version

    2.0.0

    License

    MIT

    Last publish

    Collaborators

    • sindresorhus