buffer-equals-constant

Check if two buffers have the same bytes in constant time

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
buffer-equals-constant
2.0.05 years ago7 years agoMinified + gzip package size for buffer-equals-constant in KB

Readme

Deprecated
It's included in Node.js 6.6.0 and later.
buffer-equals-constant Build Status
Check if two buffers have the same bytes in constant time

Install

$ npm install buffer-equals-constant

Usage

const bufferEqualsConstant = require('buffer-equals-constant');

bufferEqualsConstant(new Buffer('foo'), new Buffer('foo'));
//=> true

bufferEqualsConstant(new Buffer('foo'), new Buffer('bar'));
//=> false

bufferEqualsConstant(new Buffer('foo'), new Buffer('foo'), 512);
//=> true

API

bufferEqualsConstant(a, b, minComp)

Returns a boolean of whether a and b have the same bytes.

a

Type: Buffer
Buffer to compare.

b

Type: Buffer
Buffer to compare.

minComp

Type: number
Default: Math.max(a.length, b.length)
Minimal number of comparisons used to determine equality.
If the length of a or b depends on the input of your algorithm, a possible attacker may gain information about these lengths by varying the input:
const secret = new Buffer('secret');
bufferEqualsConstant(input, secret);

Based on the execution time of different input.length an attacker may discover secret.length === 6, because bufferEqualsConstant will perform the same number of operations for all input with 0 <= input.length <= secret.length, but needs more operations if input.length > secret.length.
To alleviate this problem minComp can be used:
bufferEqualsConstant(input, new Buffer('secret'), 1024);

Related

License

MIT © Sindre Sorhus