tsse

⏱ Constant time string/buffer equals.
_{Coded with ❤️ by Simone Primarosa.}

## Synopsis tsse is a string comparison algorithm to prevent Node.js timing attacks. > This differs from `crypto.timingSafeEqual` because it: > - supports both `strings` and `Buffers`; > - supports inputs of different lengths. ## Install ``` $ npm install --save tsse ``` ## Usage ```js const tsse = require('tsse'); const hash = '0a4d55a8d778e5022fab701977c5d840bbc486d0'; const givenHash = '1265a5eb08997ced279d3854629cba68a378b528'; if (tsse(hash, givenHash)) { console.log('good hash'); } else { console.log('bad hash'); } // => bad hash ``` ## API ### tsse(hiddenStr, inputStr) ⇒ boolean Does a constant-time String comparison. NOTE: When `hiddenStr` and `inputStr` have different lengths `hiddenStr` is compared to itself, which makes the comparison non-commutative (time-wise). **Kind**: global function **Returns**: boolean - true if equals, false otherwise. **Access**: public | Param | Type | Description | | --- | --- | --- | | hiddenStr | string \| Buffer | A string that you don't want to leak. | | inputStr | string \| Buffer | Another string. | ## Contributing Contributions are REALLY welcome and if you find a security flaw in this code, PLEASE [report it][new issue]. ## Authors - **Simone Primarosa** - *Github* ([@simonepri][github:simonepri]) • *Twitter* ([@simoneprimarosa][twitter:simoneprimarosa]) See also the list of [contributors][contributors] who participated in this project. ## License This project is licensed under the MIT License - see the [license][license] file for details. [new issue]: https://github.com/simonepri/tsse/issues/new [contributors]: https://github.com/simonepri/tsse/contributors [license]: https://github.com/simonepri/tsse/tree/master/license [github:simonepri]: https://github.com/simonepri [twitter:simoneprimarosa]: http://twitter.com/intent/user?screen_name=simoneprimarosa