{"_id":"tsscmp","_rev":"73718","name":"tsscmp","description":"Timing safe string compare using double HMAC","dist-tags":{"latest":"1.0.6"},"maintainers":[{"name":"suryagh","email":"surya.com@gmail.com"}],"time":{"modified":"2021-06-03T10:24:03.000Z","created":"2016-05-11T22:00:15.530Z","1.0.6":"2018-07-31T02:11:53.802Z","1.0.5":"2016-05-26T01:35:04.425Z","1.0.4":"2016-05-24T01:47:24.883Z","1.0.2":"2016-05-22T22:40:59.164Z","1.0.1":"2016-05-12T11:52:27.351Z","1.0.0":"2016-05-11T22:00:15.530Z"},"users":{"suryagh":true,"ahmed-dinar":true,"rping":true},"author":{"name":"suryagh"},"repository":{"type":"git","url":"git+https://github.com/suryagh/tsscmp.git"},"versions":{"1.0.6":{"name":"tsscmp","version":"1.0.6","description":"Timing safe string compare using double HMAC","main":"lib/index.js","dependencies":{},"devDependencies":{},"scripts":{"test":"node test/unit && node test/benchmark"},"repository":{"type":"git","url":"git+https://github.com/suryagh/tsscmp.git"},"keywords":["timing safe string compare","double hmac string compare","safe string compare","hmac"],"author":{"name":"suryagh"},"publishConfig":{"registry":"https://registry.npmjs.org"},"engines":{"node":">=0.6.x"},"license":"MIT","gitHead":"53430f98f8dc4cea2cb649a7a8a2867e93f08cf8","bugs":{"url":"https://github.com/suryagh/tsscmp/issues"},"homepage":"https://github.com/suryagh/tsscmp#readme","_id":"tsscmp@1.0.6","_npmVersion":"6.1.0","_nodeVersion":"10.3.0","_npmUser":{"name":"suryagh","email":"surya.com@gmail.com"},"dist":{"shasum":"85b99583ac3589ec4bfef825b5000aa911d605eb","size":3611,"noattachment":false,"key":"/tsscmp/-/tsscmp-1.0.6.tgz","tarball":"http://registry.cnpm.dingdandao.com/tsscmp/download/tsscmp-1.0.6.tgz"},"maintainers":[{"name":"suryagh","email":"surya.com@gmail.com"}],"directories":{},"_npmOperationalInternal":{"host":"s3://npm-registry-packages","tmp":"tmp/tsscmp_1.0.6_1533003113694_0.39800480899280677"},"_hasShrinkwrap":false,"publish_time":1533003113802,"_cnpm_publish_time":1533003113802},"1.0.5":{"name":"tsscmp","version":"1.0.5","description":"Timing safe string compare using double HMAC","main":"lib/index.js","dependencies":{},"devDependencies":{},"scripts":{"test":"node test/unit && node test/benchmark"},"repository":{"type":"git","url":"git+https://github.com/suryagh/tsscmp.git"},"keywords":["timing safe string compare","double hmac string compare","safe string compare","hmac"],"author":{"name":"suryagh"},"publishConfig":{"registry":"https://registry.npmjs.org"},"engines":{"node":">=0.6.x"},"license":"MIT","gitHead":"095fb02b3e6102cbd1d2bdc9613e3da54e782f59","bugs":{"url":"https://github.com/suryagh/tsscmp/issues"},"homepage":"https://github.com/suryagh/tsscmp#readme","_id":"tsscmp@1.0.5","_shasum":"7dc4a33af71581ab4337da91d85ca5427ebd9a97","_from":".","_npmVersion":"3.6.0","_nodeVersion":"5.6.0","_npmUser":{"name":"suryagh","email":"surya.com@gmail.com"},"dist":{"shasum":"7dc4a33af71581ab4337da91d85ca5427ebd9a97","size":3564,"noattachment":false,"key":"/tsscmp/-/tsscmp-1.0.5.tgz","tarball":"http://registry.cnpm.dingdandao.com/tsscmp/download/tsscmp-1.0.5.tgz"},"maintainers":[{"name":"suryagh","email":"surya.com@gmail.com"}],"_npmOperationalInternal":{"host":"packages-16-east.internal.npmjs.com","tmp":"tmp/tsscmp-1.0.5.tgz_1464226502956_0.48576042777858675"},"directories":{},"publish_time":1464226504425,"_cnpm_publish_time":1464226504425,"_hasShrinkwrap":false},"1.0.4":{"name":"tsscmp","version":"1.0.4","description":"Timing safe string compare using double HMAC","main":"lib/index.js","dependencies":{},"devDependencies":{},"scripts":{"test":"node test/unit && node test/benchmark"},"repository":{"type":"git","url":"git+https://github.com/suryagh/tsscmp.git"},"keywords":["timing safe string compare","double hmac string compare","safe string compare","hmac"],"author":{"name":"suryagh"},"publishConfig":{"registry":"https://registry.npmjs.org"},"engines":{"node":">=0.6.x"},"license":"MIT","gitHead":"207a67f7da60ca90b79aed3da7417317ab05fa96","bugs":{"url":"https://github.com/suryagh/tsscmp/issues"},"homepage":"https://github.com/suryagh/tsscmp#readme","_id":"tsscmp@1.0.4","_shasum":"16638d8f414605bf4daa9be8fdeabda4c3923b6a","_from":".","_npmVersion":"3.6.0","_nodeVersion":"5.6.0","_npmUser":{"name":"suryagh","email":"surya.com@gmail.com"},"dist":{"shasum":"16638d8f414605bf4daa9be8fdeabda4c3923b6a","size":3684,"noattachment":false,"key":"/tsscmp/-/tsscmp-1.0.4.tgz","tarball":"http://registry.cnpm.dingdandao.com/tsscmp/download/tsscmp-1.0.4.tgz"},"maintainers":[{"name":"suryagh","email":"surya.com@gmail.com"}],"_npmOperationalInternal":{"host":"packages-12-west.internal.npmjs.com","tmp":"tmp/tsscmp-1.0.4.tgz_1464054442663_0.9036741754971445"},"directories":{},"publish_time":1464054444883,"_cnpm_publish_time":1464054444883,"_hasShrinkwrap":false},"1.0.2":{"name":"tsscmp","version":"1.0.2","description":"Timing safe string compare using double HMAC","main":"lib/index.js","dependencies":{},"devDependencies":{},"scripts":{"test":"node test/unit && node test/benchmark"},"repository":{"type":"git","url":"git+https://github.com/suryagh/tsscmp.git"},"keywords":["timing safe string compare","double hmac string compare","safe string compare","compare","double","hmac"],"author":{"name":"suryagh"},"publishConfig":{"registry":"https://registry.npmjs.org"},"engines":{"node":">=0.6.x"},"license":"MIT","gitHead":"9a26dc5c8cef3f61a6829f7e009c396439664614","bugs":{"url":"https://github.com/suryagh/tsscmp/issues"},"homepage":"https://github.com/suryagh/tsscmp#readme","_id":"tsscmp@1.0.2","_shasum":"e440e05256e41f57ae3dc50b413201ae2caa739e","_from":".","_npmVersion":"3.6.0","_nodeVersion":"5.6.0","_npmUser":{"name":"suryagh","email":"surya.com@gmail.com"},"dist":{"shasum":"e440e05256e41f57ae3dc50b413201ae2caa739e","size":3703,"noattachment":false,"key":"/tsscmp/-/tsscmp-1.0.2.tgz","tarball":"http://registry.cnpm.dingdandao.com/tsscmp/download/tsscmp-1.0.2.tgz"},"maintainers":[{"name":"suryagh","email":"surya.com@gmail.com"}],"_npmOperationalInternal":{"host":"packages-16-east.internal.npmjs.com","tmp":"tmp/tsscmp-1.0.2.tgz_1463956858067_0.9973081948701292"},"directories":{},"publish_time":1463956859164,"_cnpm_publish_time":1463956859164,"_hasShrinkwrap":false},"1.0.1":{"name":"tsscmp","version":"1.0.1","description":"Timing safe string compare using double HMAC","main":"lib/index.js","dependencies":{},"devDependencies":{},"scripts":{"test":"node test/index-test.js"},"repository":{"type":"git","url":"git+https://github.com/suryagh/tsscmp.git"},"keywords":["timing safe string compare","double hmac string compare","safe string compare","compare","double","hmac"],"author":{"name":"suryagh"},"publishConfig":{"registry":"https://registry.npmjs.org"},"engines":{"node":">=0.6.x"},"engineStrict":true,"licenses":[{"type":"Apache 2.0","url":"http://www.apache.org/licenses/LICENSE-2.0.html"}],"gitHead":"638c1fb38770f46170c84f98d82791ee00b252f1","bugs":{"url":"https://github.com/suryagh/tsscmp/issues"},"homepage":"https://github.com/suryagh/tsscmp#readme","_id":"tsscmp@1.0.1","_shasum":"15a3dff6600dc4647c5a5ebdc6881ba62f37fc42","_from":".","_npmVersion":"3.6.0","_nodeVersion":"5.6.0","_npmUser":{"name":"suryagh","email":"surya.com@gmail.com"},"dist":{"shasum":"15a3dff6600dc4647c5a5ebdc6881ba62f37fc42","size":2294,"noattachment":false,"key":"/tsscmp/-/tsscmp-1.0.1.tgz","tarball":"http://registry.cnpm.dingdandao.com/tsscmp/download/tsscmp-1.0.1.tgz"},"maintainers":[{"name":"suryagh","email":"surya.com@gmail.com"}],"_npmOperationalInternal":{"host":"packages-16-east.internal.npmjs.com","tmp":"tmp/tsscmp-1.0.1.tgz_1463053945726_0.8911230766680092"},"directories":{},"publish_time":1463053947351,"_cnpm_publish_time":1463053947351,"_hasShrinkwrap":false},"1.0.0":{"name":"tsscmp","version":"1.0.0","description":"timing safe string compare, using double hmac","main":"lib/index.js","dependencies":{},"devDependencies":{},"scripts":{"test":"node test/index-test.js"},"repository":{"type":"git","url":"git+https://github.com/suryagh/tsscmp.git"},"keywords":["timing safe string compare","double hmac string compare","safe string compare","compare","double","hmac"],"author":{"name":"suryagh"},"publishConfig":{"registry":"https://registry.npmjs.org"},"engines":{"node":">=0.6.x"},"engineStrict":true,"licenses":[{"type":"Apache 2.0","url":"http://www.apache.org/licenses/LICENSE-2.0.html"}],"gitHead":"9c3028fe4bb48b0c6991d7c98553b803998d89b7","bugs":{"url":"https://github.com/suryagh/tsscmp/issues"},"homepage":"https://github.com/suryagh/tsscmp#readme","_id":"tsscmp@1.0.0","_shasum":"0b97586d4c99367040665bd1dae43374616e2350","_from":".","_npmVersion":"3.6.0","_nodeVersion":"5.6.0","_npmUser":{"name":"suryagh","email":"surya.com@gmail.com"},"dist":{"shasum":"0b97586d4c99367040665bd1dae43374616e2350","size":2129,"noattachment":false,"key":"/tsscmp/-/tsscmp-1.0.0.tgz","tarball":"http://registry.cnpm.dingdandao.com/tsscmp/download/tsscmp-1.0.0.tgz"},"maintainers":[{"name":"suryagh","email":"surya.com@gmail.com"}],"_npmOperationalInternal":{"host":"packages-12-west.internal.npmjs.com","tmp":"tmp/tsscmp-1.0.0.tgz_1463004012988_0.45107064745388925"},"directories":{},"publish_time":1463004015530,"_cnpm_publish_time":1463004015530,"_hasShrinkwrap":false}},"readme":"# Timing safe string compare using double HMAC\r\n\r\n[![Node.js Version](https://img.shields.io/node/v/tsscmp.svg?style=flat-square)](https://nodejs.org/en/download)\r\n[![npm](https://img.shields.io/npm/v/tsscmp.svg?style=flat-square)](https://npmjs.org/package/tsscmp)\r\n[![NPM Downloads](https://img.shields.io/npm/dm/tsscmp.svg?style=flat-square)](https://npmjs.org/package/tsscmp)\r\n[![Build Status](https://img.shields.io/travis/suryagh/tsscmp/master.svg?style=flat-square)](https://travis-ci.org/suryagh/tsscmp)\r\n[![Build Status](https://img.shields.io/appveyor/ci/suryagh/tsscmp/master.svg?style=flat-square&label=windows)](https://ci.appveyor.com/project/suryagh/tsscmp)\r\n[![Dependency Status](http://img.shields.io/david/suryagh/tsscmp.svg?style=flat-square)](https://david-dm.org/suryagh/tsscmp)\r\n[![npm-license](http://img.shields.io/npm/l/tsscmp.svg?style=flat-square)](LICENSE)\r\n\r\n\r\nPrevents [timing attacks](http://codahale.com/a-lesson-in-timing-attacks/) using Brad Hill's\r\n[Double HMAC pattern](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/)\r\nto perform secure string comparison. Double HMAC avoids the timing atacks by blinding the\r\ntiming channel using random time per attempt comparison against iterative brute force attacks.\r\n\r\n\r\n## Install\r\n\r\n```\r\nnpm install tsscmp\r\n```\r\n## Why\r\nTo compare secret values like **authentication tokens**, **passwords** or\r\n**capability urls** so that timing information is not\r\nleaked to the attacker.\r\n\r\n## Example\r\n\r\n```js\r\nvar timingSafeCompare = require('tsscmp');\r\n\r\nvar sessionToken = '127e6fbfe24a750e72930c';\r\nvar givenToken = '127e6fbfe24a750e72930c';\r\n\r\nif (timingSafeCompare(sessionToken, givenToken)) {\r\n  console.log('good token');\r\n} else {\r\n  console.log('bad token');\r\n}\r\n```\r\n##License: \r\n[MIT](LICENSE)\r\n\r\n**Credits to:**  [@jsha](https://github.com/jsha) |\r\n[@bnoordhuis](https://github.com/bnoordhuis) |\r\n[@suryagh](https://github.com/suryagh) |\r\n ","_attachments":{},"homepage":"https://github.com/suryagh/tsscmp#readme","bugs":{"url":"https://github.com/suryagh/tsscmp/issues"},"license":"MIT"}