README
tsse
⏱ Constant time string/buffer equals.
Coded with ❤️ by Simone Primarosa.
Synopsis
tsse is a string comparison algorithm to prevent Node.js timing attacks.
Install
$ npm install --save tsse
Usage
const tsse = require('tsse');
const hash = '0a4d55a8d778e5022fab701977c5d840bbc486d0';
const givenHash = '1265a5eb08997ced279d3854629cba68a378b528';
if (tsse(hash, givenHash)) {
console.log('good hash');
} else {
console.log('bad hash');
}
// => bad hash
API
boolean
tsse(a, b) ⇒ Does a constant-time String comparison.
Kind: global function
Returns: boolean
- true if equals, false otherwise.
Access: public
Param | Type | Description |
---|---|---|
a | string | Buffer |
The first string. |
b | string | Buffer |
The second string. |
Contributing
Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE report it.
Authors
- Simone Primarosa - Github (@simonepri) • Twitter (@simoneprimarosa)
See also the list of contributors who participated in this project.
License
This project is licensed under the MIT License - see the license file for details.