free-sun
/
Highways4Good
14
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
四好公路
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
4 Branches
0 Tags
118 MiB
 
 
 
 
Tree: 6f4dcd76d0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6f4dcd76d0'
${ noResults }
Highways4Good/api/node_modules/tsscmp
巴林闲侠 6f4dcd76d0
授权管理 		3 years ago
..
lib 授权管理 3 years ago
test 授权管理 3 years ago
.travis.yml 授权管理 3 years ago
LICENSE 授权管理 3 years ago
README.md 授权管理 3 years ago
appveyor.yml 授权管理 3 years ago
package.json 授权管理 3 years ago

README.md

Timing safe string compare using double HMAC

Node.js Version npm NPM Downloads Build Status Build Status Dependency Status npm-license

Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

npm install tsscmp

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

var timingSafeCompare = require('tsscmp');

var sessionToken = '127e6fbfe24a750e72930c';
var givenToken = '127e6fbfe24a750e72930c';

if (timingSafeCompare(sessionToken, givenToken)) {
  console.log('good token');
} else {
  console.log('bad token');
}

##License: MIT

Credits to: @jsha | @bnoordhuis | @suryagh |