scuffle

    0.0.8 • Public • Published

    scuffle

    Prevent node.js timing attacks using a combination of Knuth Fisher-Yates shuffling and random sleep, where sleep time is defined in microseconds.

    For example, when comparing a stored API key with the API key sent with a user request.

    Install

    $ npm install scuffle
    

    Usage

    const scuffle = require("scuffle");
     
    scuffle.compare("Hello, World!", "Hello, World!");
    //=> true
     
    scuffle.compare([0, 1, 2, 3], [1, 2, 3, 4]);
    //=> false
     
    scuffle.compare("Short string", "A much longer string");
    //=> false
     
    // Can use an object to define the min and max number of random microseconds to add to a comparison
    // default {minAddedTime: 0, maxAddedTime: 1e6}
    scuffle.compare("Hello, World!", "Hello, World!", {minAddedTime: 200, maxAddedTime: 500});
    //=> true
     
    scuffle.compare(10, "I am a string");
    //=> Uncaught TypeError: Can only compare strings and arrays. Found: number and string
    //    at scuffle.compare (<anonymous>:104:11)

    Install

    npm i scuffle

    DownloadsWeekly Downloads

    8

    Version

    0.0.8

    License

    MIT

    Unpacked Size

    16.6 kB

    Total Files

    6

    Last publish

    Collaborators

    • willah