safe, constant-time comparison of Buffers
Safe, constant-time comparison of Buffers.
Since scmp 2.x, Buffers are now required to be passed as arguments. In 1.x,
the arguments were assumed to be strings, and were always run through
Also, there is a new
crypto.timingSafeEqual() since Node v6.6.0. If this function
is available, then that will be used, otherwise a scmp-internal implementation
will be used.
npm install scmp
To minimize vulnerability against timing attacks.
const scmp = ;const Buffer = Buffer;const hash = Buffer;const givenHash = Buffer;ifconsole;elseconsole;