tsscmp

Timing safe string compare using double HMAC

  • tsscmp

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
tsscmp
8221.0.65 years ago7 years agoMinified + gzip package size for tsscmp in KB

Readme

Timing safe string compare using double HMAC
Node.js Version npm NPM Downloads Build Status Build Status Dependency Status npm-license Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

``` npm install tsscmp ```

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

```js var timingSafeCompare = require('tsscmp'); var sessionToken = '127e6fbfe24a750e72930c'; var givenToken = '127e6fbfe24a750e72930c'; if (timingSafeCompare(sessionToken, givenToken)) { console.log('good token'); } else { console.log('bad token'); } ```

License:

MIT Credits to: @jsha | @bnoordhuis | @suryagh |