Usage in Deno
import { timingSafeEqual } from "node:crypto";
timingSafeEqual(a: ArrayBufferView,b: ArrayBufferView,): boolean
This function compares the underlying bytes that represent the givenArrayBuffer
, TypedArray
, or DataView
instances using a constant-time
algorithm.
This function does not leak timing information that would allow an attacker to guess one of the values. This is suitable for comparing HMAC digests or secret values like authentication cookies or capability urls.
a
and b
must both be Buffer
s, TypedArray
s, or DataView
s, and they
must have the same byte length. An error is thrown if a
and b
have
different byte lengths.
If at least one of a
and b
is a TypedArray
with more than one byte per
entry, such as Uint16Array
, the result will be computed using the platform
byte order.
When both of the inputs are Float32Array
s orFloat64Array
s, this function might return unexpected results due to IEEE 754
encoding of floating-point numbers. In particular, neither x === y
norObject.is(x, y)
implies that the byte representations of two floating-point
numbers x
and y
are equal.
Use of crypto.timingSafeEqual
does not guarantee that the surrounding code
is timing-safe. Care should be taken to ensure that the surrounding code does
not introduce timing vulnerabilities.
boolean