secure-compare

What is secure-compare?

The secure-compare npm package provides a way to perform constant-time comparison of two strings. This is particularly useful for security purposes, such as comparing cryptographic hashes or tokens, to prevent timing attacks.

What are secure-compare's main functionalities?

Constant-Time String Comparison

This feature allows you to compare two strings in constant time, which helps prevent timing attacks. The function returns true if the strings are equal and false otherwise.

const secureCompare = require('secure-compare');

const a = 'string1';
const b = 'string2';

if (secureCompare(a, b)) {
  console.log('Strings are equal');
} else {
  console.log('Strings are not equal');
}

Other packages similar to secure-compare

tsscmp

The tsscmp package provides a similar functionality to secure-compare by performing a constant-time comparison of two strings. It is designed to mitigate timing attacks in a similar manner.

safe-compare

The safe-compare package also offers constant-time string comparison to prevent timing attacks. It is another alternative to secure-compare with similar security features.

README

secure-compare

Constant-time comparison algorithm to prevent timing attacks for Node.js. Copied from cryptiles by C J Silverio.

Installation

$ npm install secure-compare --save

Usage

var compare = require('secure-compare');

compare('hello world', 'hello world').should.equal(true);
compare('你好世界', '你好世界').should.equal(true);

compare('hello', 'not hello').should.equal(false);

Tests

$ npm test

License

secure-compare is released under the MIT license.