Détail du package

scmp

freewil6.9mBSD-3-Clause2.1.0

safe, constant-time comparison of Buffers

safe-compare, compare, time-equivalent-comparison, time equivalent

readme

scmp

travis npm downloads

Safe, constant-time comparison of Buffers.

Install

npm install scmp

Why?

To minimize vulnerability against timing attacks.

Example

const scmp = require('scmp');
const Buffer = require('safe-buffer').Buffer;

const hash      = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex');
const givenHash = Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex');

if (scmp(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}

changelog

History

v2.1.0 (2019/12/26)

  • code now uses standard as linter
  • var has been replaced with const and let
  • code now executed in strict mode

v2.0.0 (2016/11/05)

  • Buffers are now required to be passed as arguments. In 1.x, the arguments were assumed to be strings, and were always run through String().
  • Starting with Node.js v6.6.0, use crypto.timingSafeEqual() (if available).