https://github.com/fabiospampinato/crypto-timing-safe-equals
An isomorphic timing-safe equality function for strings and Uint8Arrays.
https://github.com/fabiospampinato/crypto-timing-safe-equals
crypto equal equals safe timing
Last synced: 7 months ago
JSON representation
An isomorphic timing-safe equality function for strings and Uint8Arrays.
- Host: GitHub
- URL: https://github.com/fabiospampinato/crypto-timing-safe-equals
- Owner: fabiospampinato
- License: mit
- Created: 2023-08-12T17:26:36.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2023-09-24T16:28:48.000Z (about 2 years ago)
- Last Synced: 2024-05-01T12:39:12.371Z (over 1 year ago)
- Topics: crypto, equal, equals, safe, timing
- Language: JavaScript
- Homepage:
- Size: 2.93 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: readme.md
- License: license
Awesome Lists containing this project
README
# Crypto Timing-Safe Equals
An isomorphic timing-safe equality function for strings and Uint8Arrays.
This is a port of [`@ircmaxell`](https://github.com/ircmaxell)'s function for PHP, published [here](https://blog.ircmaxell.com/2012/12/seven-ways-to-screw-up-bcrypt.html?m=1#8-Bonus-Not-Using-A-Timing-Safe-Comparison).
If you want to avoid leaking the length of your secret, you should always pass that as the _first_ argument to the function.
## Install
```sh
npm install crypto-timing-safe-equals
```
## Usage
```ts
import timingSafeEquals from 'crypto-timing-safe-equals';
// Let's check if two strings are equal, in a timing-safe manner
timingSafeEquals ( 'secret', 'secret' ); // => true
timingSafeEquals ( 'secret', 'attempt' ); // => false
// Let's check if two Uint8Arrays are equal, in a timing-safe manner
timingSafeEquals ( new Uint8Array ([ 102, 111, 111 ]), new Uint8Array ([ 102, 111, 111 ]) ); // => true
timingSafeEquals ( new Uint8Array ([ 102, 111, 111 ]), new Uint8Array ([ 98, 97, 114 ]) ); // => false
```
## License
MIT © Fabio Spampinato