Skip to content

A small Clojure library for securely comparing strings or byte arrays

Notifications You must be signed in to change notification settings

weavejester/crypto-equality

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

crypto-equality

A very small Clojure library for protecting against timing attacks when comparing strings or sequences of bytes.

This is useful for comparing user-supplied values against secrets held by the application, such as tokens or keys.

Installation

Add the following dependency to your project.clj file:

[crypto-equality "1.0.1"]

Usage

Require the crypto.equality namespace:

(require '[crypto.equality :as crypto])

Then use the eq? function to compare strings, byte arrays, or any ordered sequence of integers.

(crypto/eq? "foo" "foo") ;; => true
(crypto/eq? "foo" "bar") ;; => false

License

Copyright © 2021 James Reeves

Distributed under the Eclipse Public License, the same as Clojure.

About

A small Clojure library for securely comparing strings or byte arrays

Resources

Stars

Watchers

Forks

Packages

No packages published