Timing safe string compare using double hmac

[npm-image]: https://img.shields.io/npm/v/timing-safe-compare.svg?style=flat
[npm-url]: https://npmjs.org/package/timing-safe-compare

Prevents timing attacks using Brad Hill's Double HMAC pattern from to perform __safe string comparison__. The approach is similar to the node's native implementation of timing safe buffer comparison that will be available on v6+.

Double HMAC avoids the timing atacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

``
npm install timing-safe-compare
`

Why?

To minimize vulnerability against timing attacks during string comparision.

Examples

`js
var timingSafeCompare = require('timing-safe-compare');

var sessionToken = '127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935 ';
var givenToken = '127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935 ';

if (timingSafeCompare(sessionToken, givenToken)) {
console.log('good token');
} else {
console.log('bad token');
}

``