Sign Up for Free

RunKit +

Try any Node.js package right in your browser

This is a playground to test code. It runs a full Node.js environment and already has all of npm’s 400,000 packages pre-installed, including scmp with all npm packages installed. Try it out:

var scmp = require("scmp")

This service is provided by RunKit and is not affiliated with npm, Inc or the package authors.

scmp v2.0.0

safe, constant-time comparison of Buffers

scmp

travis npm downloads

Safe, constant-time comparison of Buffers.

Changes in v2.x

Since scmp 2.x, Buffers are now required to be passed as arguments. In 1.x, the arguments were assumed to be strings, and were always run through String().

Also, there is a new crypto.timingSafeEqual() since Node v6.6.0. If this function is available, then that will be used, otherwise a scmp-internal implementation will be used.

Install

npm install scmp

Why?

To minimize vulnerability against timing attacks.

Example

const scmp = require('scmp');
const Buffer = require('safe-buffer').Buffer;

const hash      = Buffer.from('e727d1464ae12436e899a726da5b2f11d8381b26', 'hex');
const givenHash = Buffer.from('e727e1b80e448a213b392049888111e1779a52db', 'hex');

if (scmp(hash, givenHash)) {
  console.log('good hash');
} else {
  console.log('bad hash');
}

Metadata

RunKit is a free, in-browser JavaScript dev environment for prototyping Node.js code, with every npm package installed. Sign up to share your code.
Sign Up for Free