scmp

2.0.0 • Public • Published

scmp

travis npm downloads

Safe, constant-time comparison of Buffers.

Changes in v2.x

Since scmp 2.x, Buffers are now required to be passed as arguments. In 1.x, the arguments were assumed to be strings, and were always run through String().

Also, there is a new crypto.timingSafeEqual() since Node v6.6.0. If this function is available, then that will be used, otherwise a scmp-internal implementation will be used.

Install

npm install scmp

Why?

To minimize vulnerability against timing attacks.

Example

const scmp = require('scmp');
const Buffer = require('safe-buffer').Buffer;
 
const hash      = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex');
const givenHash = Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex');
 
if (scmp(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}
 

install

npm i scmp

Downloadsweekly downloads

146,355

version

2.0.0

license

BSD-3-Clause

homepage

github.com

repository

Gitgithub

last publish

collaborators

  • avatar
Report a vulnerability