Timing safe string compare using double HMAC

![Node.js Version](https://nodejs.org/en/download)
![npm](https://npmjs.org/package/tsscmp)
![NPM Downloads](https://npmjs.org/package/tsscmp)
![Build Status](https://travis-ci.org/suryagh/tsscmp)
![Build Status](https://ci.appveyor.com/project/suryagh/tsscmp)
![Dependency Status](https://david-dm.org/suryagh/tsscmp)
![npm-license](LICENSE)

Prevents timing attacks using Brad Hill's
Double HMAC pattern
to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the
timing channel using random time per attempt comparison against iterative brute force attacks.

Install



npm install tsscmp



Why

To compare secret values like authentication tokens, passwords or

capability urls so that timing information is not

leaked to the attacker.



Example

js

var timingSafeCompare = require('tsscmp');



var sessionToken = '127e6fbfe24a750e72930c';

var givenToken = '127e6fbfe24a750e72930c';



if (timingSafeCompare(sessionToken, givenToken)) {

  console.log('good token');

} else {

  console.log('bad token');

}

``
##License:
MIT

Credits to: @jsha |
@bnoordhuis |
@suryagh |

Timing safe string compare using double HMAC

Install



npm install tsscmp



Why

To compare secret values like authentication tokens, passwords or

capability urls so that timing information is not

leaked to the attacker.



Example

js

var timingSafeCompare = require('tsscmp');



var sessionToken = '127e6fbfe24a750e72930c';

var givenToken = '127e6fbfe24a750e72930c';



if (timingSafeCompare(sessionToken, givenToken)) {

  console.log('good token');

} else {

  console.log('bad token');

}

``
##License:
MIT

Credits to: @jsha |
@bnoordhuis |
@suryagh |