tsse

Constant time string/buffer equals

Usage no npm install needed!

<script type="module">
  import tsse from 'https://cdn.skypack.dev/tsse';
</script>

README

tsse

Latest version on npm Downloads on npm Project license
Lint status Test macOS status Test Ubuntu status Test Windows status
Codecov Coverage report Known Vulnerabilities Dependency Status
XO Code Style used AVA Test Runner used Istanbul Test Coverage used NI Scaffolding System used NP Release System used

⏱ Constant time string/buffer equals.
Coded with ❤️ by Simone Primarosa.

Synopsis

tsse is a string comparison algorithm to prevent Node.js timing attacks.

tsse benchmark

Install

$ npm install --save tsse

Usage

const tsse = require('tsse');

const hash      = '0a4d55a8d778e5022fab701977c5d840bbc486d0';
const givenHash = '1265a5eb08997ced279d3854629cba68a378b528';

if (tsse(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}
// => bad hash

API

tsse(a, b) ⇒ boolean

Does a constant-time String comparison.

Kind: global function
Returns: boolean - true if equals, false otherwise.
Access: public

Param Type Description
a string | Buffer The first string.
b string | Buffer The second string.

Contributing

Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE report it.

Authors

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the license file for details.