Skip to main content

crypto.equals(hashOne, hashTwo)

Compares two hashes for equality in constant time


Device + Agent


Name Type Description
hashOne String or blob First comparison hash
hashTwo String or blob Second comparison hash


Bool — true if the hashes are equal, false otherwise


This method compares the two parameter values for equality and, crucially, does so in constant time. This approach prevents protected information being inferred from the operation by measuring how long it takes. For example, a user is able to check a received HMAC without allowing the correct value to be deduced from the duration of the comparison.

For more information on this technique and the types of attack it overcomes, please see this article on CWE.