Timing safe string compare using double HMAC

Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing attacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

npm install tsscmp-js

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

import { timingSafeCompare } from "tsscmp-js";

const sessionToken = "5439fd10-e3e0-4926-a239-e95658906718";
const givenToken = "5439fd10-e3e0-4926-a239-e95658906718";

const isValid = await timingSafeCompare(sessionToken, givenToken);

if (isValid) {
  console.log("good token");
} else {
  console.log("bad token");
}

License

MIT

Credits to: @suryagh

tsscmp-js

Timing safe string compare using double HMAC

Install

Why

Example

License

/tsscmp-js/

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

tsscmp-js

Timing safe string compare using double HMAC

Install

Why

Example

License

/tsscmp-js/

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

Weekly Downloads