Code Review / vnfsdk / refrepo.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Bug:Fix file validation issue
[vnfsdk/refrepo.git] / vnfmarket / src / main / webapp / vnfmarket / node_modules / tsscmp / README.md
1 # Timing safe string compare using double HMAC
2
3 [![Node.js Version](https://img.shields.io/node/v/tsscmp.svg?style=flat-square)](https://nodejs.org/en/download)
4 [![npm](https://img.shields.io/npm/v/tsscmp.svg?style=flat-square)](https://npmjs.org/package/tsscmp)
5 [![NPM Downloads](https://img.shields.io/npm/dm/tsscmp.svg?style=flat-square)](https://npmjs.org/package/tsscmp)
6 [![Build Status](https://img.shields.io/travis/suryagh/tsscmp/master.svg?style=flat-square)](https://travis-ci.org/suryagh/tsscmp)
7 [![Build Status](https://img.shields.io/appveyor/ci/suryagh/tsscmp/master.svg?style=flat-square&label=windows)](https://ci.appveyor.com/project/suryagh/tsscmp)
8 [![Dependency Status](http://img.shields.io/david/suryagh/tsscmp.svg?style=flat-square)](https://david-dm.org/suryagh/tsscmp)
9 [![npm-license](http://img.shields.io/npm/l/tsscmp.svg?style=flat-square)](LICENSE)
10
11
12 Prevents [timing attacks](http://codahale.com/a-lesson-in-timing-attacks/) using Brad Hill's
13 [Double HMAC pattern](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/)
14 to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the
15 timing channel using random time per attempt comparison against iterative brute force attacks.
16
17
18 ## Install
19
20 ```
21 npm install tsscmp
22 ```
23 ## Why
24 To compare secret values like **authentication tokens**, **passwords** or
25 **capability urls** so that timing information is not
26 leaked to the attacker.
27
28 ## Example
29
30 ```js
31 var timingSafeCompare = require('tsscmp');
32
33 var sessionToken = '127e6fbfe24a750e72930c';
34 var givenToken = '127e6fbfe24a750e72930c';
35
36 if (timingSafeCompare(sessionToken, givenToken)) {
37   console.log('good token');
38 } else {
39   console.log('bad token');
40 }
41 ```
42 ##License: 
43 [MIT](LICENSE)
44
45 **Credits to:**  [@jsha](https://github.com/jsha) |
46 [@bnoordhuis](https://github.com/bnoordhuis) |
47 [@suryagh](https://github.com/suryagh) |
48  
This repository is for a reference vnf repository