deno_std icon indicating copy to clipboard operation
deno_std copied to clipboard
verified publisher icon denoland

feature: crypto.timingSafeEqual

Open NotFounds opened this issue 3 years ago • 0 comments

Is your feature request related to a problem? Please describe.

Comparing two sequences has a risk for timing attack. Nodejs has a function crypto.timingSafeEqual to compare two sequence constant time. And [deno_std/node/crypto] is also supporting it.

Has deno_std already implemented this or an equivalent function? I think it would be good to implement it in deno_std.

Describe the solution you'd like

Implement crypto.timingSafeEqual(a, b).

  • a: Buffer | DataView | ArrayBuffer | string
  • b: Buffer | DataView | ArrayBuffer | string

⚠️ Nodejs's timingSafeEqual does not support the string type, but there are many cases when you may want to use string.

Describe alternatives you've considered

Use deno_std/node/crypto or third-party lib.

NotFounds avatar Jul 19 '22 03:07 NotFounds