doc: include the words "constant time" in crypto.timingSafeEqual description #16504
Labels
crypto
Issues and PRs related to the crypto subsystem.
doc
Issues and PRs related to the documentations.
good first issue
Issues that are suitable for first-time contributors.
Comments
kevinburkeotto
changed the title
mscdex
added
crypto
|
@kevinburkeotto Sounds like a good idea, do you want to open a PR? Our contributing guide should help you get started :) |
joyeecheung
added
the
good first issue
This was referenced Oct 30, 2017
|
@joyeecheung : I've raised a PR for this.. can you kindly review. Thanks ! |
cjihrig
pushed a commit
to cjihrig/node
that referenced
this issue
Nov 6, 2017
Included reference to 'constant time' in crypto.timingSafeEqual description. The Node website would score higher on a Google search and the API would be more discoverable if it used the words "constant time" in its description. PR-URL: nodejs#16604 Fixes: nodejs#16504 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
gibfahn
pushed a commit
that referenced
this issue
Nov 14, 2017
Included reference to 'constant time' in crypto.timingSafeEqual description. The Node website would score higher on a Google search and the API would be more discoverable if it used the words "constant time" in its description. PR-URL: #16604 Fixes: #16504 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
MylesBorins
pushed a commit
that referenced
this issue
Nov 14, 2017
Included reference to 'constant time' in crypto.timingSafeEqual description. The Node website would score higher on a Google search and the API would be more discoverable if it used the words "constant time" in its description. PR-URL: #16604 Fixes: #16504 Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I was looking for the timingSafeEqual function. I knew it existed because I'd used it before; I googled for "node crypto constant time". The crypto page is the 5th result for this search. I read a description of all of the API's and hit ctrl+f to search for "constant time" and didn't find any results.
I finally found it after I reread the Github issue asking for the API
It's common to describe that algorithm as a "constant time" algorithm, for example in Go, the api is
subtle.ConstantTimeCompare. This blog post addressing the problem recommends using "constant-time algorithms": https://codahale.com/a-lesson-in-timing-attacks/. Presumably the Node website would score higher on a Google search and the API would be more discoverable if it used the words "constant time" somewhere in the description.The text was updated successfully, but these errors were encountered: