Skip to main content
Deno 2 is finally here 🎉️
Learn more
Module

x/proc/tools/deps/crypto.ts>timingSafeEqual

A better way to work with processes in Deno.
Go to Latest
function timingSafeEqual
Re-export
import { timingSafeEqual } from "https://deno.land/x/proc@0.20.39/tools/deps/crypto.ts";

When checking the values of cryptographic hashes are equal, default comparisons can be susceptible to timing based attacks, where attacker is able to find out information about the host system by repeatedly checking response times to equality comparisons of values.

It is likely some form of timing safe equality will make its way to the WebCrypto standard (see: w3c/webcrypto#270), but until that time, timingSafeEqual() is provided:

import { timingSafeEqual } from "https://deno.land/std@0.224.0/crypto/timing_safe_equal.ts";
import { assert } from "https://deno.land/std@0.224.0/assert/assert.ts";

const a = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("hello world"),
);
const b = await crypto.subtle.digest(
  "SHA-384",
  new TextEncoder().encode("hello world"),
);

assert(timingSafeEqual(a, b));

Parameters

a: ArrayBufferView | ArrayBufferLike | DataView
b: ArrayBufferView | ArrayBufferLike | DataView

Returns

boolean