crypto.timingSafeEqual(a, b)

  • a {Buffer | TypedArray | DataView}
  • b {Buffer | TypedArray | DataView}
  • Returns: {boolean}

This function is based on a constant-time algorithm. Returns true if a is equal to b, without leaking timing information that would allow an attacker to guess one of the values. This is suitable for comparing HMAC digests or secret values like authentication cookies or capability urls.

a and b must both be Buffers, TypedArrays, or DataViews, and they must have the same length.

Use of crypto.timingSafeEqual does not guarantee that the surrounding code is timing-safe. Care should be taken to ensure that the surrounding code does not introduce timing vulnerabilities.


最后修改 April 16, 2020: 加密 (a75e592)