buffer-equals-constant v2.0.0
Deprecated
It's included in Node.js 6.6.0 and later.
buffer-equals-constant 
Check if two buffers have the same bytes in constant time
Install
$ npm install buffer-equals-constantUsage
const bufferEqualsConstant = require('buffer-equals-constant');
bufferEqualsConstant(new Buffer('foo'), new Buffer('foo'));
//=> true
bufferEqualsConstant(new Buffer('foo'), new Buffer('bar'));
//=> false
bufferEqualsConstant(new Buffer('foo'), new Buffer('foo'), 512);
//=> trueAPI
bufferEqualsConstant(a, b, minComp)
Returns a boolean of whether a and b have the same bytes.
a
Type: Buffer
Buffer to compare.
b
Type: Buffer
Buffer to compare.
minComp
Type: number
Default: Math.max(a.length, b.length)
Minimal number of comparisons used to determine equality.
If the length of a or b depends on the input of your algorithm, a possible attacker may gain information about these lengths by varying the input:
const secret = new Buffer('secret');
bufferEqualsConstant(input, secret);Based on the execution time of different input.length an attacker may discover secret.length === 6, because bufferEqualsConstant will perform the same number of operations for all input with 0 <= input.length <= secret.length, but needs more operations if input.length > secret.length.
To alleviate this problem minComp can be used:
bufferEqualsConstant(input, new Buffer('secret'), 1024);Related
- buffer-equals - Node.js 0.12
buffer.equals()ponyfill - buf-compare - Node.js 0.12
Buffer.compare()ponyfill - buf-indexof - Node.js 4.0
buffer.indexOf()ponyfill
License
MIT © Sindre Sorhus