Share your code. npm Orgs help your team discover, share, and reuse code. Create a free org »

    tsscmppublic

    Timing safe string compare using double HMAC

    Node.js Version npm NPM Downloads Build Status Build Status Dependency Status npm-license

    Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

    Install

    npm install tsscmp
    

    Why

    To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

    Example

    var timingSafeCompare = require('tsscmp');
     
    var sessionToken = '127e6fbfe24a750e72930c';
    var givenToken = '127e6fbfe24a750e72930c';
     
    if (timingSafeCompare(sessionToken, givenToken)) {
      console.log('good token');
    } else {
      console.log('bad token');
    }

    License:

    MIT

    Credits to: @jsha | @bnoordhuis | @suryagh |

    install

    npm i tsscmp

    Downloadsweekly downloads

    584,454

    version

    1.0.5

    license

    MIT

    repository

    githubgithub

    last publish

    collaborators

    • avatar