scuffle

Prevent node.js timing attacks using a combination of Knuth Fisher-Yates shuffling and random sleep

0.0.8
latest
Source
npm

Version published: 6 years ago

Maintainers: 1

Created: 6 years ago

Source

scuffle

Prevent node.js timing attacks using a combination of Knuth Fisher-Yates shuffling and random sleep, where sleep time is defined in microseconds.

For example, when comparing a stored API key with the API key sent with a user request.

Install

$ npm install scuffle

Usage

const scuffle = require("scuffle");

scuffle.compare("Hello, World!", "Hello, World!");
//=> true

scuffle.compare([0, 1, 2, 3], [1, 2, 3, 4]);
//=> false

scuffle.compare("Short string", "A much longer string");
//=> false

// Can use an object to define the min and max number of random microseconds to add to a comparison
// default {minAddedTime: 0, maxAddedTime: 1e6}
scuffle.compare("Hello, World!", "Hello, World!", {minAddedTime: 200, maxAddedTime: 500});
//=> true

scuffle.compare(10, "I am a string");
//=> Uncaught TypeError: Can only compare strings and arrays. Found: number and string
//    at scuffle.compare (<anonymous>:104:11)

Keywords

FAQs

What is scuffle?

Is scuffle well maintained?

Package last updated on 29 Jan 2019

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

scuffle

scuffle

Install

Usage

Keywords

Related posts

Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking