https://github.com/simonepri/tsse
⏱ Timing safe string equals.
- Host: GitHub
- URL: https://github.com/simonepri/tsse
- Owner: simonepri
- License: mit
- Created: 2017-08-03T12:08:50.000Z (almost 9 years ago)
- Default Branch: main
- Last Pushed: 2022-06-05T18:20:25.000Z (about 4 years ago)
- Last Synced: 2025-09-11T01:53:13.241Z (10 months ago)
- Topics: constant-time, string-equals, time-attack
- Language: JavaScript
- Size: 126 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: readme.md
- License: license
README
tsse
⏱ Constant time string/buffer equals.
Coded with ❤️ by Simone Primarosa.
## Synopsis
tsse is a string comparison algorithm to prevent Node.js timing attacks.
> This differs from `crypto.timingSafeEqual` because it:
> - supports both `strings` and `Buffers`;
> - supports inputs of different lengths.
## Install
```
$ npm install --save tsse
```
## Usage
```js
const tsse = require('tsse');

const hash = '0a4d55a8d778e5022fab701977c5d840bbc486d0';
const givenHash = '1265a5eb08997ced279d3854629cba68a378b528';

if (tsse(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}
// => bad hash
```
## API
### tsse(hiddenStr, inputStr) ⇒ boolean
Does a constant-time String comparison.
NOTE: When `hiddenStr` and `inputStr` have different lengths, `hiddenStr` is compared to itself, which makes the comparison non-commutative (time-wise). Always pass the value you don't want to leak as `hiddenStr`.
**Kind**: global function
**Returns**: boolean - `true` if the inputs are equal, `false` otherwise.
**Access**: public
| Param | Type | Description |
| --- | --- | --- |
| hiddenStr | string \| Buffer | A string that you don't want to leak. |
| inputStr | string \| Buffer | Another string. |
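
The contract documented above, sketched on top of Node's built-in `crypto.timingSafeEqual` as an added example (this is not the tsse source; `safeEquals` and `builtinThrowsOnLengthMismatch` are hypothetical names). It shows why the built-in alone cannot take inputs of different lengths and how comparing the secret to itself keeps the mismatch path from returning early.

```js
// Added illustration, not the tsse implementation.
const { timingSafeEqual } = require('crypto');

// Hypothetical helper following the documented tsse(hiddenStr, inputStr)
// contract: accepts strings or Buffers, of equal or different lengths.
function safeEquals(hidden, input) {
  // Compare bytes, not UTF-16 code units, so strings and Buffers can be mixed.
  const a = Buffer.isBuffer(hidden) ? hidden : Buffer.from(String(hidden), 'utf8');
  const b = Buffer.isBuffer(input) ? input : Buffer.from(String(input), 'utf8');

  if (a.length !== b.length) {
    // The built-in throws on a length mismatch. Instead of returning at once,
    // do a dummy comparison of the secret against itself, then report "not equal".
    // This is why argument order matters: the secret must come first.
    timingSafeEqual(a, a);
    return false;
  }
  return timingSafeEqual(a, b);
}

// Returns true when crypto.timingSafeEqual rejects the pair instead of comparing it.
function builtinThrowsOnLengthMismatch(x, y) {
  try {
    timingSafeEqual(Buffer.from(x), Buffer.from(y));
    return false;
  } catch (err) {
    return err.code === 'ERR_CRYPTO_TIMING_SAFE_EQUAL_LENGTH';
  }
}

// Sample values taken from the Usage section, plus a constructed truncated input.
const hash = '0a4d55a8d778e5022fab701977c5d840bbc486d0';
const givenHash = '1265a5eb08997ced279d3854629cba68a378b528';

console.log(safeEquals(hash, givenHash));                    // same length, different content
console.log(safeEquals(hash, Buffer.from(hash)));            // string vs Buffer
console.log(safeEquals(hash, hash.slice(0, 8)));             // different lengths
console.log(builtinThrowsOnLengthMismatch(hash, hash.slice(0, 8)));
```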
## Contributing
Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE [report it][new issue].
## Authors
- **Simone Primarosa** - *Github* ([@simonepri][github:simonepri]) • *Twitter* ([@simoneprimarosa][twitter:simoneprimarosa])
See also the list of [contributors][contributors] who participated in this project.
## License
This project is licensed under the MIT License - see the [license][license] file for details.
[new issue]: https://github.com/simonepri/tsse/issues/new
[contributors]: https://github.com/simonepri/tsse/contributors
[license]: https://github.com/simonepri/tsse/tree/master/license
[github:simonepri]: https://github.com/simonepri
[twitter:simoneprimarosa]: http://twitter.com/intent/user?screen_name=simoneprimarosa