node package manager

scmp

scmp

travis npm downloads

Safe, constant-time comparison of Buffers.

Changes in v2.x

Since scmp 2.x, Buffers are now required to be passed as arguments. In 1.x, the arguments were assumed to be strings, and were always run through String().

Also, there is a new crypto.timingSafeEqual() since Node v6.6.0. If this function is available, then that will be used, otherwise a scmp-internal implementation will be used.

Install

npm install scmp

Why?

To minimize vulnerability against timing attacks.

Example

const scmp = require('scmp');
const Buffer = require('safe-buffer').Buffer;
 
const hash      = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex');
const givenHash = Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex');
 
if (scmp(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}