Skip to content

suryagh/tsscmp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
appveyor.yml
appveyor.yml
 
 
package.json
package.json
 
 

Repository files navigation

Timing safe string compare using double HMAC

Node.js Version npm NPM Downloads Build Status Build Status Dependency Status npm-license

Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing attacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

npm install tsscmp

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

var timingSafeCompare = require('tsscmp');

var sessionToken = '127e6fbfe24a750e72930c';
var givenToken = '127e6fbfe24a750e72930c';

if (timingSafeCompare(sessionToken, givenToken)) {
  console.log('good token');
} else {
  console.log('bad token');
}

License

MIT

Credits to: @jsha | @bnoordhuis | @suryagh |

About

Timing safe string compare using double HMAC

Resources

Readme

License

MIT license
Activity

Stars

87 stars

Watchers

2 watching

Forks

10 forks
Report repository

Releases

6 tags

Packages

No packages published

Contributors 7

Languages