timing-safe-compare

1.0.1 • Public • Published

Timing safe string compare using double hmac

Prevents timing attacks by using Brad Hill's Double HMAC pattern to perform safe string comparison. The approach is similar to Node's native implementation of timing-safe buffer comparison that will be available on v6+.

Double HMAC avoids timing attacks by blinding the timing channel: the time taken varies randomly on each comparison attempt, which defeats iterative brute-force attacks.

Install

npm install timing-safe-compare

Why?

To minimize vulnerability to timing attacks during string comparison.

Examples

var timingSafeCompare = require('timing-safe-compare');
 
var sessionToken = '127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935 ';
var givenToken = '127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935 ';
 
if (timingSafeCompare(sessionToken, givenToken)) {
  console.log('good token');
} else {
  console.log('bad token');
}
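
How the Double HMAC pattern blinds the comparison, shown next to the early-exit comparison it replaces. This is an added example, not this package's source code; the function names are assumptions, and the near-miss guess in the test values is constructed.

```javascript
// Added illustration of the Double HMAC pattern; not the package's own code.
const crypto = require('crypto');

// Leaky baseline: returns at the first mismatching character, so run time
// grows with the length of the correctly guessed prefix.
function naiveCompare(a, b) {
  if (a.length !== b.length) return false;
  for (let i = 0; i < a.length; i++) {
    if (a[i] !== b[i]) return false;
  }
  return true;
}

// HMAC-SHA256 of a string under the given key (32-byte Buffer result).
function mac(key, value) {
  return crypto.createHmac('sha256', key).update(value, 'utf8').digest();
}

// Digest of a value under a fresh random key. Two calls with the same input
// give unrelated digests, which is what blinds the timing channel.
function blindedDigest(value) {
  return mac(crypto.randomBytes(32), value);
}

// Double HMAC: MAC both inputs under one fresh random key, compare the MACs.
// The caller cannot predict either digest, so the point at which a digest
// comparison stops reveals nothing about how much of the secret matched.
function doubleHmacCompare(expected, given) {
  // Reject non-strings outright instead of coercing them.
  if (typeof expected !== 'string' || typeof given !== 'string') return false;
  const key = crypto.randomBytes(32); // new blinding key on every call
  const macExpected = mac(key, expected);
  const macGiven = mac(key, given);
  // Both digests are 32 bytes, so inputs of different lengths are handled
  // without a separate length check. timingSafeEqual is defence in depth;
  // the pattern does not depend on it.
  return crypto.timingSafeEqual(macExpected, macGiven);
}

// Token taken from the example above; the guess is constructed and differs
// only in its last character.
const token = '127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935';
const guess = token.slice(0, -1) + '0';
console.log(naiveCompare(token, guess), doubleHmacCompare(token, guess));
console.log(doubleHmacCompare(token, token));
```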
 

Weekly Downloads

10

License

none

Collaborators

  • suryanpm