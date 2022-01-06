

safe-compare

by Bruce
1.1.4

Constant-time comparison algorithm to prevent timing attacks

Popularity
Downloads/wk: 34.9K
GitHub Stars: 25

Maintenance
Last Commit: 1mo ago
Contributors: 7

Package
Dependencies: 1
License: MIT
Type Definitions: DefinitelyTyped
Tree-Shakeable: No?

Readme

safe-compare

Constant-time comparison algorithm to prevent Node.js timing attacks.

For more information about Node.js timing attacks, please visit https://snyk.io/blog/node-js-timing-attack-ccc-ctf/.

NOTICE:

If you are using Node.js v6.6.0 or higher, you can use crypto.timingSafeEqual(a, b) from the crypto module. Keep in mind that the method crypto.timingSafeEqual only accepts Buffers with the same length! This bundle will handle strings with different lengths for you.

Installation

$ npm install safe-compare --save

Usage

var safeCompare = require('safe-compare');

safeCompare('hello world', 'hello world'); // -> true

safeCompare('hello', 'not hello'); // -> false
safeCompare('hello foo', 'hello bar'); // -> false

Note: the runtime always corresponds to the length of the first parameter.
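
The code below is an added example, not the package's own source. It shows the behaviour the NOTICE and the note above describe: crypto.timingSafeEqual throws on buffers of different length, while a wrapper that sizes both buffers to the first argument accepts strings of any length. The names rawCompareThrows and paddedEqual are hypothetical, and the sample strings are constructed.

```javascript
'use strict';
const crypto = require('crypto');

// Reports whether a direct crypto.timingSafeEqual call throws for these
// inputs. Node.js rejects buffers whose byte lengths differ.
function rawCompareThrows(a, b) {
  try {
    crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b));
    return false;
  } catch (err) {
    return true;
  }
}

// Hypothetical helper: constant-time comparison for strings of any length.
// Both buffers are allocated with the byte length of `a`, so the compare
// step always runs over lenA bytes, whatever the length of `b` is.
function paddedEqual(a, b) {
  const strA = String(a);
  const strB = String(b);
  const lenA = Buffer.byteLength(strA);
  const lenB = Buffer.byteLength(strB);

  const bufA = Buffer.alloc(lenA, 0);
  const bufB = Buffer.alloc(lenA, 0);
  bufA.write(strA);
  bufB.write(strB); // cut off at lenA bytes if strB is longer

  // Equal buffers are not enough: one string may be a prefix of the other,
  // so the length check decides the final result after the compare has run.
  const sameBytes = crypto.timingSafeEqual(bufA, bufB);
  return sameBytes && lenA === lenB;
}

// Constructed sample inputs.
console.log(rawCompareThrows('hello', 'not hello'));     // true
console.log(paddedEqual('hello world', 'hello world'));  // true
console.log(paddedEqual('hello', 'not hello'));          // false
console.log(paddedEqual('hello', 'hello world'));        // false (prefix)
```
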

Tests

$ npm test

What's the improvement of this package?

This Node.js module is an improvement on the two existing modules scmp and secure-compare. It uses the best parts of both implementations.

The implementation of scmp is a good base, but it has a shorter execution time if the strings' lengths are not equal. The package secure-compare always compares the two input strings, but its implementation is not as clean as scmp's.

License

safe-compare is released under the MIT license.
