https://github.com/simonepri/tsse

⏱ Timing safe string equals.
# tsse

⏱ Constant time string/buffer equals.



Coded with ❤️ by Simone Primarosa.

## Synopsis
tsse is a string comparison algorithm designed to prevent timing attacks in Node.js.

> This differs from `crypto.timingSafeEqual` because it:
> - supports both `strings` and `Buffers`;
> - supports inputs of different lengths.

## Install

```
$ npm install --save tsse
```

## Usage

```js
const tsse = require('tsse');

const hash = '0a4d55a8d778e5022fab701977c5d840bbc486d0';
const givenHash = '1265a5eb08997ced279d3854629cba68a378b528';

if (tsse(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}
// => bad hash
```

## API

### tsse(hiddenStr, inputStr) ⇒ boolean
Does a constant-time string comparison.
NOTE: When `hiddenStr` and `inputStr` have different lengths, `hiddenStr` is compared to itself, which makes the comparison non-commutative (time-wise).

**Kind**: global function
**Returns**: boolean - true if equals, false otherwise.
**Access**: public

| Param | Type | Description |
| --- | --- | --- |
| hiddenStr | string \| Buffer | A string that you don't want to leak. |
| inputStr | string \| Buffer | Another string. |
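
The length-mismatch handling described in the note above, sketched on top of Node's `crypto.timingSafeEqual` (an added example, not tsse's source; `toBuffer` and `safeEquals` are hypothetical names and the sample values are constructed):

```javascript
'use strict';
const { timingSafeEqual } = require('crypto');

// Normalise a string or Buffer to a Buffer (strings are encoded as UTF-8),
// so that both input types go through the same byte-wise comparison.
function toBuffer(value) {
  if (Buffer.isBuffer(value)) return value;
  if (typeof value === 'string') return Buffer.from(value, 'utf8');
  throw new TypeError('expected a string or a Buffer');
}

// Hypothetical helper: constant-time equality that tolerates inputs of
// different lengths. The secret goes first, the untrusted value second.
function safeEquals(hidden, input) {
  const hiddenBuf = toBuffer(hidden);
  const inputBuf = toBuffer(input);
  const sameLength = hiddenBuf.length === inputBuf.length;

  // crypto.timingSafeEqual throws when the byte lengths differ. On a
  // mismatch, compare the hidden value with itself instead of returning
  // early: the compare then always covers hiddenBuf.length bytes,
  // whatever the length of the input.
  const other = sameLength ? inputBuf : hiddenBuf;
  const equalBytes = timingSafeEqual(hiddenBuf, other);

  // A self-comparison is always "equal", so the length check decides.
  return sameLength && equalBytes;
}

// Constructed sample values, not real credentials.
const stored = '0a4d55a8d778e5022fab701977c5d840bbc486d0';
console.log(safeEquals(stored, stored));                      // same value
console.log(safeEquals(stored, stored.slice(0, 10)));         // shorter input
console.log(safeEquals(Buffer.from(stored, 'utf8'), stored)); // Buffer vs string
```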

## Contributing
Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE [report it][new issue].

## Authors
- **Simone Primarosa** - *GitHub* ([@simonepri][github:simonepri]) • *Twitter* ([@simoneprimarosa][twitter:simoneprimarosa])

See also the list of [contributors][contributors] who participated in this project.

## License
This project is licensed under the MIT License - see the [license][license] file for details.

[new issue]: https://github.com/simonepri/tsse/issues/new
[contributors]: https://github.com/simonepri/tsse/contributors

[license]: https://github.com/simonepri/tsse/tree/master/license

[github:simonepri]: https://github.com/simonepri
[twitter:simoneprimarosa]: http://twitter.com/intent/user?screen_name=simoneprimarosa