Deprecated
It was added to Node.js 6.6.0 as crypto.timingSafeEqual().
buffer-equals-constant
Check if two buffers have the same bytes in constant time
Install
$ npm install buffer-equals-constant
Usage
const bufferEqualsConstant = require('buffer-equals-constant');
bufferEqualsConstant(new Buffer('foo'), new Buffer('foo'));
//=> true
bufferEqualsConstant(new Buffer('foo'), new Buffer('bar'));
//=> false
bufferEqualsConstant(new Buffer('foo'), new Buffer('foo'), 512);
//=> true
API
bufferEqualsConstant(a, b, [minComp])
Returns a boolean of whether a and b have the same bytes.
a
Type: Buffer
Buffer to compare.
b
Type: Buffer
Buffer to compare.
minComp
Type: number
Default: Math.max(a.length, b.length)
Minimal number of comparisons used to determine equality.
If the length of a or b depends on the input of your algorithm, a possible attacker may gain information about these lengths by varying the input:
const secret = new Buffer('secret');
bufferEqualsConstant(input, secret);
Based on the execution time for different input.length values, an attacker may discover secret.length === 6, because bufferEqualsConstant will perform the same number of operations for all input with 0 <= input.length <= secret.length, but needs more operations if input.length > secret.length.
To alleviate this problem, minComp can be used:
bufferEqualsConstant(input, new Buffer('secret'), 1024);
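The same length concern with the built-in replacement, as an added example that is not part of this package's code: crypto.timingSafeEqual() throws when the two buffers differ in length, so this sketch compares fixed-length HMAC-SHA256 tags of both inputs instead of the raw bytes. The helper names tag and safeEqual and the sample values are assumptions made for the example.

```javascript
'use strict';
const crypto = require('crypto');

// Random key generated once per process; it never leaves this module.
const macKey = crypto.randomBytes(32);

// Hypothetical helper: map a buffer of any length to a 32-byte HMAC-SHA256 tag.
function tag(buf) {
  return crypto.createHmac('sha256', macKey).update(buf).digest();
}

// Hypothetical helper: compare two buffers whose lengths may differ.
// The tags are always 32 bytes, so timingSafeEqual() never throws here.
// The work done depends on each buffer's own length, but never on how the
// two lengths compare. Equal tags stand in for equal bytes; a false
// positive would require an HMAC-SHA256 collision.
function safeEqual(a, b) {
  if (!Buffer.isBuffer(a) || !Buffer.isBuffer(b)) {
    throw new TypeError('safeEqual expects two Buffers');
  }
  return crypto.timingSafeEqual(tag(a), tag(b));
}

// Constructed sample value, not a real credential.
const secret = Buffer.from('secret');

function demo() {
  // Calling timingSafeEqual() directly on unequal lengths throws, which
  // is why the raw buffers are not passed to it above.
  let threwOnLengthMismatch = false;
  try {
    crypto.timingSafeEqual(Buffer.from('sec'), secret);
  } catch (err) {
    threwOnLengthMismatch = true;
  }
  return {
    threwOnLengthMismatch,
    same: safeEqual(Buffer.from('secret'), secret),
    shorter: safeEqual(Buffer.from('sec'), secret),
    longer: safeEqual(Buffer.from('secret-and-more'), secret),
    sameLengthDifferent: safeEqual(Buffer.from('secreT'), secret),
  };
}

console.log(demo());
```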
Related
- buffer-equals - Node.js 0.12 buffer.equals() ponyfill
- buf-compare - Node.js 0.12 Buffer.compare() ponyfill
- buf-indexof - Node.js 4.0 buffer.indexOf() ponyfill
License
MIT © Sindre Sorhus