SkillAgentSearch skills...

Tsscmp

Timing safe string compare using double HMAC

GenerateConvertImprove

Install / Use

/learn @suryagh/Tsscmp
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

Timing safe string compare using double HMAC

Node.js Version npm NPM Downloads Build Status Build Status Dependency Status npm-license

Prevents timing attacks using Brad Hill's Double HMAC pattern to perform secure string comparison. Double HMAC avoids the timing attacks by blinding the timing channel using random time per attempt comparison against iterative brute force attacks.

Install

npm install tsscmp

Why

To compare secret values like authentication tokens, passwords or capability urls so that timing information is not leaked to the attacker.

Example

var timingSafeCompare = require('tsscmp');

var sessionToken = '127e6fbfe24a750e72930c';
var givenToken = '127e6fbfe24a750e72930c';

if (timingSafeCompare(sessionToken, givenToken)) {
  console.log('good token');
} else {
  console.log('bad token');
}

License

MIT

Credits to: @jsha | @bnoordhuis | @suryagh |

Related Skills

node-connect

331.2k

Diagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps

frontend-design

81.5k

Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.

openai-whisper-api

331.2k

Transcribe audio via OpenAI Audio Transcriptions API (Whisper).

commit-push-pr

81.5k

Commit, push, and open a PR

suryagh

View profile

View on GitHub
GitHub Stars90
CategoryDevelopment
Updated24d ago
Forks11
suryagh/tsscmp

Languages

JavaScript

Security Score

95/100

Audited on Feb 26, 2026

No findings