Safe, constant-time comparison of Buffers
JavaScript
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
benchmark
lib
test
.gitignore
.travis.yml
LICENSE
README.md
index.js
package.json

README.md

scmp

travis npm downloads

Safe, constant-time comparison of Buffers.

Changes in v2.x

Since scmp 2.x, Buffers are now required to be passed as arguments. In 1.x, the arguments were assumed to be strings, and were always run through String().

Also, there is a new crypto.timingSafeEqual() since Node v6.6.0. If this function is available, then that will be used, otherwise a scmp-internal implementation will be used.

Install

npm install scmp

Why?

To minimize vulnerability against timing attacks.

Example

const scmp = require('scmp');
const Buffer = require('safe-buffer').Buffer;

const hash      = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex');
const givenHash = Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex');

if (scmp(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}