UNPKG

@advena/web-timing-safe-equal

Version:

A timing-safe comparison function utilizing the 'Double HMAC validation pattern' with webcrypto, designed to operate in Node.JS, Edge, and Browser environments.

github.com/advename/web-timing-safe-equal

advename/web-timing-safe-equal

107 lines (94 loc) 2.78 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
/** * Performance comparison of Node.JS native * `timingSafeEqual` vs the libraries `webTimingSafeEqual` */ const { performance } = require("perf_hooks"); const { webTimingSafeEqual, generateSecretKey, } = require("../src/webTimingSafeEqual"); const timingSafeEqual = require("crypto").timingSafeEqual; const testRuns = 10000; const results = {}; const encoder = new TextEncoder(); const a = encoder.encode("testString1"); const b = encoder.encode("testString1"); (async () => { // Generate secret key const secretKey = await generateSecretKey(); // Define methods to test const methods = [ { name: "Node:timingSafeEqual", func: timingSafeEqual, isAsync: false, params: [a, b], }, { name: "Lib:webTimingSafeEqual", func: webTimingSafeEqual, isAsync: true, params: [a, b], }, { name: "Lib:webTimingSafeEqualWithPreGenKey", func: webTimingSafeEqual, isAsync: true, params: [a, b, { secretKey, hmacAlgorithm: "SHA-256" }], }, ]; // Run tests for (let i = 0; i < testRuns; i++) { for (const method of methods) { // Test the method const start = performance.now(); if (method.isAsync) { await method.func(...method.params); } else { method.func(...method.params); } const end = performance.now(); // Update results if (!results[method.name]) { results[method.name] = 0; } results[method.name] += end - start; } // Rotate methods array for fair comparison const firstMethod = methods.shift(); methods.push(firstMethod); } // Calculate average time for (const method of methods) { results[method.name] /= testRuns; } // Display results console.log(results); // Calculate how many times slower one method is over the other // Find the fastest method's time const fastestTime = Math.min(...Object.values(results)); // Calculate how many times slower other methods are compared to the fastest one for (const methodName in results) { const methodTime = results[methodName]; const timesSlower = methodTime / fastestTime; console.log( `${methodName} is ${timesSlower.toFixed( 2 )} times slower than the fastest method.` ); } })(); /** * Example test run 28/04/2013 * { 'Node:timingSafeEqual': 0.00029670338630676267, 'Lib:webTimingSafeEqual': 0.0312298095703125, 'Lib:webTimingSafeEqualWithPreGenKey': 0.017928896522521973 } Node:timingSafeEqual is 1.00 times slower than the fastest method. Lib:webTimingSafeEqual is 105.26 times slower than the fastest method. Lib:webTimingSafeEqualWithPreGenKey is 60.43 times slower than the fastest method. * * */