scuffle v0.0.8

scuffle

Prevent node.js timing attacks using a combination of Knuth Fisher-Yates shuffling and random sleep, where sleep time is defined in microseconds.

For example, when comparing a stored API key with the API key sent with a user request.

Install

$ npm install scuffle

Usage

const scuffle = require("scuffle");

scuffle.compare("Hello, World!", "Hello, World!");
//=> true

scuffle.compare([0, 1, 2, 3], [1, 2, 3, 4]);
//=> false

scuffle.compare("Short string", "A much longer string");
//=> false

// Can use an object to define the min and max number of random microseconds to add to a comparison
// default {minAddedTime: 0, maxAddedTime: 1e6}
scuffle.compare("Hello, World!", "Hello, World!", {minAddedTime: 200, maxAddedTime: 500});
//=> true

scuffle.compare(10, "I am a string");
//=> Uncaught TypeError: Can only compare strings and arrays. Found: number and string
//    at scuffle.compare (<anonymous>:104:11)