This function compares the underlying bytes that represent the given ArrayBuffer, TypedArray, or DataView instances using a constant-time
algorithm.
This function does not leak timing information that
would allow an attacker to guess one of the values. This is suitable for
comparing HMAC digests or secret values like authentication cookies or capability urls.
a and b must both be Buffers, TypedArrays, or DataViews, and they
must have the same byte length. An error is thrown if a and b have
different byte lengths.
If at least one of a and b is a TypedArray with more than one byte per
entry, such as Uint16Array, the result will be computed using the platform
byte order.
When both of the inputs are Float32Arrays or Float64Arrays, this function might return unexpected results due to IEEE 754encoding of floating-point numbers. In particular, neither x === y nor Object.is(x, y) implies that the byte representations of two floating-pointnumbers x and y are equal.
Use of crypto.timingSafeEqual does not guarantee that the surrounding code
is timing-safe. Care should be taken to ensure that the surrounding code does
not introduce timing vulnerabilities.
This function compares the underlying bytes that represent the given
ArrayBuffer,TypedArray, orDataViewinstances using a constant-time algorithm.This function does not leak timing information that would allow an attacker to guess one of the values. This is suitable for comparing HMAC digests or secret values like authentication cookies or capability urls.
aandbmust both beBuffers,TypedArrays, orDataViews, and they must have the same byte length. An error is thrown ifaandbhave different byte lengths.If at least one of
aandbis aTypedArraywith more than one byte per entry, such asUint16Array, the result will be computed using the platform byte order.When both of the inputs are
Float32Arrays orFloat64Arrays, this function might return unexpected results due to IEEE 754 encoding of floating-point numbers. In particular, neitherx === ynorObject.is(x, y)implies that the byte representations of two floating-point numbersxandyare equal.Use of
crypto.timingSafeEqualdoes not guarantee that the surrounding code is timing-safe. Care should be taken to ensure that the surrounding code does not introduce timing vulnerabilities.