
crypto.equals(hashOne, hashTwo)

Compares two hashes for equality in constant time

Availability

Device + Agent

Parameters

| Name | Type | Description |
| --- | --- | --- |
| hashOne | String or blob | First comparison hash |
| hashTwo | String or blob | Second comparison hash |

Returns

Bool — true if the hashes are equal, false otherwise

Description

This method compares the two parameter values for equality and, crucially, does so in constant time. This prevents protected information from being inferred by measuring how long the operation takes. For example, a user is able to check a received HMAC without allowing the correct value to be deduced from the duration of the comparison.

For more information on this technique and the types of attack it overcomes, please see this article on CWE.
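
The HMAC check mentioned above, sketched as agent code. This is an added example, not code from the original page: the shared secret, the `x-signature` header, the base64 encoding of the signature and the `"command"` message name are all assumptions made for illustration.

```squirrel
// Added example: authenticate an incoming HTTP request by its HMAC.
// SHARED_SECRET and SIGNATURE_HEADER are hypothetical values.
const SHARED_SECRET = "<replace-with-provisioned-secret>";
const SIGNATURE_HEADER = "x-signature";

// Returns true only if 'received' is the base64-encoded HMAC-SHA256 of 'body'
function signatureIsValid(body, received) {
    // A missing or non-string signature can never match
    if (typeof received != "string") return false;

    // Recompute the HMAC locally and encode it the same way the sender did
    local expected = http.base64encode(crypto.hmacsha256(body, SHARED_SECRET));

    // Weak form, shown for contrast only: '==' may return as soon as the
    // values differ, so its duration can depend on how much of them matches
    //     return expected == received;

    // Constant-time form
    return crypto.equals(expected, received);
}

http.onrequest(function(request, response) {
    // Assumes header names are presented in lower case
    local received = (SIGNATURE_HEADER in request.headers) ? request.headers[SIGNATURE_HEADER] : null;

    if (!signatureIsValid(request.body, received)) {
        // Same reply whether the signature is missing or wrong
        response.send(401, "Unauthorized");
        return;
    }

    // Only now is the body treated as authentic
    device.send("command", request.body);
    response.send(200, "OK");
});
```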