Skip to main content
Home
Browse packagesDocs
Sign In with GitHubSign In with GitLab

@std/crypto@0.215.0

latest
Works with
It is unknown whether this package works with Browsers, Deno, Node.js, Cloudflare Workers, Bun
It is unknown whether this package works with Browsers
It is unknown whether this package works with Deno
It is unknown whether this package works with Node.js
It is unknown whether this package works with Cloudflare Workers
It is unknown whether this package works with Bun
JSR Score70%
Published2 years ago (0.215.0)
function timingSafeEqual
timingSafeEqual(
a: ArrayBufferView | ArrayBufferLike | DataView,
b: ArrayBufferView | ArrayBufferLike | DataView
): boolean

When checking the values of cryptographic hashes are equal, default comparisons can be susceptible to timing based attacks, where attacker is able to find out information about the host system by repeatedly checking response times to equality comparisons of values.

It is likely some form of timing safe equality will make its way to the WebCrypto standard (see: w3c/webcrypto#270), but until that time, timingSafeEqual() is provided:

import { timingSafeEqual } from "@std/crypto/timing_safe_equal";
import { assert } from "@std/assert/assert";

const a = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("hello world"),
);
const b = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("hello world"),
);

assert(timingSafeEqual(a, b));

Parameters

a: ArrayBufferView | ArrayBufferLike | DataView
b: ArrayBufferView | ArrayBufferLike | DataView

Return Type

boolean

Report package

Please provide a reason for reporting this package. We will review your report and take appropriate action.

Please review the JSR usage policy before submitting a report.

Add Package

deno add jsr:@std/crypto

Import symbol

import { timingSafeEqual } from "@std/crypto";
or

Import directly with a jsr specifier

import { timingSafeEqual } from "jsr:@std/crypto";