tsscmp

2018-11-10 admin

tsscmp是什么

什么是tsscmp,Timing safe string compare using double HMAC

tsscmp使用教程帮助文档

Timing safe string compare using double HMAC

Node.js Version npm NPM Downloads Build Status Build Status Dependency Status npm-license

Prevents timing attacks using Brad Hill’s Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

npm install tsscmp

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

var timingSafeCompare = require('tsscmp');

var sessionToken = '127e6fbfe24a750e72930c';
var givenToken = '127e6fbfe24a750e72930c';

if (timingSafeCompare(sessionToken, givenToken)) {
  console.log('good token');
} else {
  console.log('bad token');
}

##License: MIT

Credits to: @jsha | @bnoordhuis | @suryagh |

本站文章除注明转载外,均为本站原创或编译。欢迎任何形式的转载,但请务必注明出处。

转载请注明:文章转载自 JavaScript中文网 [https://www.javascriptcn.com]

本文地址:https://www.javascriptcn.com/read-45065.html

文章标题:tsscmp

回到顶部