tsscmp - npm Package Compare versions

Comparing version 1.0.2 to 1.0.4

package.json

		{
		"name": "tsscmp",
		"version": "1.0.2",
		"version": "1.0.4",
		"description": "Timing safe string compare using double HMAC",
		@@ -19,4 +19,2 @@ "main": "lib/index.js",
		"safe string compare",
		"compare",
		"double",
		"hmac"
		@@ -23,0 +21,0 @@ ],

README.md

		@@ -0,1 +1,2 @@
		# Timing safe string compare using double HMAC
		[![Node.js Version][node-version-image]][node-version-url]
		@@ -23,3 +24,2 @@ [![npm][npm-image]][npm-url]
		[license-url]: LICENSE
		# Timing safe string compare using double HMAC
		Prevents [timing attacks](http://codahale.com/a-lesson-in-timing-attacks/) using Brad Hill's
		@@ -37,5 +37,5 @@ [Double HMAC pattern](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/)
		## Why
		High level languages like JavaScript cannot perform
		[reliable](https://github.com/nodejs/node-v0.x-archive/issues/8560#issuecomment-59521094)
		constant-time string comparison because of the many layers of software and hardware optimizers.
		To compare secret values like authentication tokens, passwords or
		capability urls so that timing information is not
		leaked to the attacker.

		@@ -47,4 +47,4 @@ ## Example

		var sessionToken = '127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935 ';
		var givenToken = '127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935 ';
		var sessionToken = '127e6fbfe24a750e72930c';
		var givenToken = '127e6fbfe24a750e72930c';

		@@ -59,6 +59,7 @@ if (timingSafeCompare(sessionToken, givenToken)) {
		[@jsha](https://github.com/jsha)</br>
		[@bnoordhuis](https://github.com/bnoordhuis)
		[@bnoordhuis](https://github.com/bnoordhuis)</br>
		[@suryagh](https://github.com/suryagh)

		## License

		[MIT](LICENSE)
		[MIT](LICENSE)

New alerts