double-hmac

Compare two Buffers using Double HMAC to protect against timing attacks

Usage no npm install needed!

<script type="module">
  import doubleHmac from 'https://cdn.skypack.dev/double-hmac';
</script>

README

double-hmac

Compare two Buffers using Double HMAC to protect against timing attacks

Install

npm install double-hmac

Usage

Note that this module only accepts Buffers.

const assert = require('assert')

const compare = require('double-hmac')

const a = Buffer.from('some string')
const b = Buffer.from('some other string')
const c = Buffer.from('some string')

compare(a, b, (err, equal) => {
  assert.ifError(err)
  assert.notOk(equal)
})

compare(a, c, (err, equal) => {
  assert.ifError(err)
  assert.notOk(equal)
})

API

doubleHmac(a, b, cb)

a

Type: Buffer

b

Type: Buffer

cb

Type: Function

Standard Node.js callback with arguments (err, equal), equal being Boolean

Security Notes

TODO

License

ISC