Open kevinburkeotto opened 6 years ago
I should write a new module that doesn't depend on core crypto, but I still think this module is very relevant. double-siphash with an ephemeral key might be the next module, but I do not feel that this module is at odds with timingSafeEqual. Truly constant-time is notoriously difficult to achieve, so I find it easier to reason about something that entirely removes the timing component.

I have also been thinking that doing a secure-shuffle of the array access would yield the same timing independence, but I haven't done the proof to be sure.
Node.js has a timingSafeEqual function built in as of version 6.6.0: https://nodejs.org/api/crypto.html#crypto_crypto_timingsafeequal_a_b

It seems better to a) use that function if it's available and/or b) note in the README that people don't need to load a third-party library to do that anymore.