Home Verkennen Help
Inloggen
Lawsun
/
ysjj-system
1
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: fd8b323dce
Aftakkingen Labels
ysjj-system
/
node_modules
/
tsscmp
Lawsun d230cfbce0 first commit 1 jaar geleden
..
lib d230cfbce0 first commit 1 jaar geleden
test d230cfbce0 first commit 1 jaar geleden
.travis.yml d230cfbce0 first commit 1 jaar geleden
LICENSE d230cfbce0 first commit 1 jaar geleden
README.md d230cfbce0 first commit 1 jaar geleden
appveyor.yml d230cfbce0 first commit 1 jaar geleden
package.json d230cfbce0 first commit 1 jaar geleden

README.md

Timing safe string compare using double HMAC

Node.js Version npm NPM Downloads Build Status Build Status Dependency Status npm-license

Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

npm install tsscmp

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

var timingSafeCompare = require('tsscmp');

var sessionToken = '127e6fbfe24a750e72930c';
var givenToken = '127e6fbfe24a750e72930c';

if (timingSafeCompare(sessionToken, givenToken)) {
  console.log('good token');
} else {
  console.log('bad token');
}

##License: MIT

Credits to: @jsha | @bnoordhuis | @suryagh |