-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
doc: include the words "constant time" in crypto.timingSafeEqual description #16504
Labels
crypto
Issues and PRs related to the crypto subsystem.
doc
Issues and PRs related to the documentations.
good first issue
Issues that are suitable for first-time contributors.
Comments
kevinburkeotto
changed the title
doc: include the words "constant time" in crypto.timingSafeEqual comparison
doc: include the words "constant time" in crypto.timingSafeEqual description
Oct 25, 2017
mscdex
added
crypto
Issues and PRs related to the crypto subsystem.
doc
Issues and PRs related to the documentations.
labels
Oct 26, 2017
@kevinburkeotto Sounds like a good idea, do you want to open a PR? Our contributing guide should help you get started :) |
joyeecheung
added
the
good first issue
Issues that are suitable for first-time contributors.
label
Oct 27, 2017
This was referenced Oct 30, 2017
@joyeecheung : I've raised a PR for this.. can you kindly review. Thanks ! |
cjihrig
pushed a commit
to cjihrig/node
that referenced
this issue
Nov 6, 2017
Included reference to 'constant time' in crypto.timingSafeEqual description. The Node website would score higher on a Google search and the API would be more discoverable if it used the words "constant time" in its description. PR-URL: nodejs#16604 Fixes: nodejs#16504 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
gibfahn
pushed a commit
that referenced
this issue
Nov 14, 2017
Included reference to 'constant time' in crypto.timingSafeEqual description. The Node website would score higher on a Google search and the API would be more discoverable if it used the words "constant time" in its description. PR-URL: #16604 Fixes: #16504 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins
pushed a commit
that referenced
this issue
Nov 14, 2017
Included reference to 'constant time' in crypto.timingSafeEqual description. The Node website would score higher on a Google search and the API would be more discoverable if it used the words "constant time" in its description. PR-URL: #16604 Fixes: #16504 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
crypto
Issues and PRs related to the crypto subsystem.
doc
Issues and PRs related to the documentations.
good first issue
Issues that are suitable for first-time contributors.
I was looking for the timingSafeEqual function. I knew it existed because I'd used it before; I googled for "node crypto constant time". The crypto page is the 5th result for this search. I read a description of all of the API's and hit ctrl+f to search for "constant time" and didn't find any results.
I finally found it after I reread the Github issue asking for the API
It's common to describe that algorithm as a "constant time" algorithm, for example in Go, the api is
subtle.ConstantTimeCompare
. This blog post addressing the problem recommends using "constant-time algorithms": https://codahale.com/a-lesson-in-timing-attacks/. Presumably the Node website would score higher on a Google search and the API would be more discoverable if it used the words "constant time" somewhere in the description.The text was updated successfully, but these errors were encountered: