scuffle

Prevent node.js timing attacks using a combination of Knuth Fisher-Yates shuffling and random sleep, where sleep time is defined in microseconds.

For example, when comparing a stored API key with the API key sent with a user request.

Install

$ npm install scuffle

Usage

const scuffle = require("scuffle");
 
scuffle.compare("Hello, World!", "Hello, World!");
//=> true
 
scuffle.compare([0, 1, 2, 3], [1, 2, 3, 4]);
//=> false
 
scuffle.compare("Short string", "A much longer string");
//=> false
 
// Can use an object to define the min and max number of random microseconds to add to a comparison
// default {minAddedTime: 0, maxAddedTime: 1e6}
scuffle.compare("Hello, World!", "Hello, World!", {minAddedTime: 200, maxAddedTime: 500});
//=> true
 
scuffle.compare(10, "I am a string");
//=> Uncaught TypeError: Can only compare strings and arrays. Found: number and string
//    at scuffle.compare (<anonymous>:104:11)

scuffle

scuffle

Install

Usage

Dependencies (0)

Dev Dependencies (2)

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

scuffle

scuffle

Install

Usage

Dependencies (0)

Dev Dependencies (2)

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

Weekly Downloads