Miss any of our Open RFC calls?Watch the recordings here! »

scuffle

0.0.8 • Public • Published

scuffle

Prevent node.js timing attacks using a combination of Knuth Fisher-Yates shuffling and random sleep, where sleep time is defined in microseconds.

For example, when comparing a stored API key with the API key sent with a user request.

Install

$ npm install scuffle

Usage

const scuffle = require("scuffle");
 
scuffle.compare("Hello, World!", "Hello, World!");
//=> true
 
scuffle.compare([0, 1, 2, 3], [1, 2, 3, 4]);
//=> false
 
scuffle.compare("Short string", "A much longer string");
//=> false
 
// Can use an object to define the min and max number of random microseconds to add to a comparison
// default {minAddedTime: 0, maxAddedTime: 1e6}
scuffle.compare("Hello, World!", "Hello, World!", {minAddedTime: 200, maxAddedTime: 500});
//=> true
 
scuffle.compare(10, "I am a string");
//=> Uncaught TypeError: Can only compare strings and arrays. Found: number and string
//    at scuffle.compare (<anonymous>:104:11)

Install

npm i scuffle

DownloadsWeekly Downloads

0

Version

0.0.8

License

MIT

Unpacked Size

16.6 kB

Total Files

6

Last publish

Collaborators

  • avatar