Why Gemfury?
Push, build, and install
RubyGems
npm packages
Python packages
Maven artifacts
PHP packages
Go Modules
Debian packages
RPM packages
NuGet packages
Repository URL to install this package:
|
Version:
1.0.0-1 ▾
|
vending-octopus-service-dep
/
usr
/
local
/
lib
/
vending
/
octopus
/
service
/
node_modules
/
tsscmp
|
|---|
| .. |
| test |
| lib |
| package.json |
| appveyor.yml |
| LICENSE |
| README.md |
| .travis.yml |
Timing safe string compare using double HMAC
Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.
Install
npm install tsscmp
Why
To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.
Example
var timingSafeCompare = require('tsscmp'); var sessionToken = '127e6fbfe24a750e72930c'; var givenToken = '127e6fbfe24a750e72930c'; if (timingSafeCompare(sessionToken, givenToken)) { console.log('good token'); } else { console.log('bad token'); }
##License: MIT
Credits to: @jsha | @bnoordhuis | @suryagh |