tsscmp

WebJar for tsscmp

License

License

MIT
GroupId

GroupId

org.webjars.npm
ArtifactId

ArtifactId

tsscmp
Last Version

Last Version

1.0.6
Release Date

Release Date

Type

Type

jar
Description

Description

tsscmp
WebJar for tsscmp
Project URL

Project URL

https://www.webjars.org
Source Code Management

Source Code Management

https://github.com/suryagh/tsscmp

Download tsscmp

How to add to project

<!-- https://jarcasting.com/artifacts/org.webjars.npm/tsscmp/ -->
<dependency>
    <groupId>org.webjars.npm</groupId>
    <artifactId>tsscmp</artifactId>
    <version>1.0.6</version>
</dependency>
// https://jarcasting.com/artifacts/org.webjars.npm/tsscmp/
implementation 'org.webjars.npm:tsscmp:1.0.6'
// https://jarcasting.com/artifacts/org.webjars.npm/tsscmp/
implementation ("org.webjars.npm:tsscmp:1.0.6")
'org.webjars.npm:tsscmp:jar:1.0.6'
<dependency org="org.webjars.npm" name="tsscmp" rev="1.0.6">
  <artifact name="tsscmp" type="jar" />
</dependency>
@Grapes(
@Grab(group='org.webjars.npm', module='tsscmp', version='1.0.6')
)
libraryDependencies += "org.webjars.npm" % "tsscmp" % "1.0.6"
[org.webjars.npm/tsscmp "1.0.6"]

Dependencies

There are no dependencies for this project. It is a standalone project that does not depend on any other jars.

Project Modules

There are no modules declared in this project.

Timing safe string compare using double HMAC

Node.js Version npm NPM Downloads Build Status Build Status Dependency Status npm-license

Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing attacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

npm install tsscmp

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

var timingSafeCompare = require('tsscmp');

var sessionToken = '127e6fbfe24a750e72930c';
var givenToken = '127e6fbfe24a750e72930c';

if (timingSafeCompare(sessionToken, givenToken)) {
  console.log('good token');
} else {
  console.log('bad token');
}

License

MIT

Credits to: @jsha | @bnoordhuis | @suryagh |

Versions

Version
1.0.6