tsse

⏱ Constant time string/buffer equals.

_{Coded with ❤️ by Simone Primarosa.}

Synopsis

tsse is a string comparison algorithm to prevent Node.js timing attacks.

> This differs from crypto.timingSafeEqual because it:
> - supports both strings and Buffers;
> - supports inputs of different lengths.

Install

``$ npm install --save tsse`

`Usage`

`js const tsse = require('tsse');

const hash = '0a4d55a8d778e5022fab701977c5d840bbc486d0'; const givenHash = '1265a5eb08997ced279d3854629cba68a378b528';

if (tsse(hash, givenHash)) { console.log('good hash'); } else { console.log('bad hash'); } // => bad hash`

`API`

`$3`


Does a constant-time String comparison.  
NOTE: When

hiddenStr and inputStr have different lengths hiddenStr` is compared to itself, which makes the comparison non-commutative (time-wise).

Kind: global function
Returns: boolean - true if equals, false otherwise.
Access: public

| Param | Type | Description |
| --- | --- | --- |
| hiddenStr | string \| Buffer | A string that you don't want to leak. |
| inputStr | string \| Buffer | Another string. |

Contributing

Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE [report it][new issue].

Authors

- Simone Primarosa - Github ([@simonepri][github:simonepri]) • Twitter ([@simoneprimarosa][twitter:simoneprimarosa])

See also the list of [contributors][contributors] who participated in this project.

License

This project is licensed under the MIT License - see the [license][license] file for details.

[new issue]: https://github.com/simonepri/tsse/issues/new
[contributors]: https://github.com/simonepri/tsse/contributors

[license]: https://github.com/simonepri/tsse/tree/master/license

[github:simonepri]: https://github.com/simonepri
[twitter:simoneprimarosa]: http://twitter.com/intent/user?screen_name=simoneprimarosa

API

$3

Does a constant-time String comparison.
NOTE: When