Support different length hash compare.

Eric Elliott · Eric Elliott · commit b4a70a6f3c3f · 2013-08-03T18:30:46.000-07:00
diff --git a/credential.js b/credential.js
@@ -132,13 +132,12 @@ var crypto = require('crypto'),
   /**
    * constantEquals(x, y)
    *
-   * Compare two equal-length hashes, x and y with a
-   * constant-time algorithm to prevent attacks based on
-   * timing statistics.
+   * Compare two strings, x and y with a constant-time
+   * algorithm to prevent attacks based on timing statistics.
    */
   constantEquals = function constantEquals(x, y) {
     var result = true,
-      length = y.length,
+      length = (x.length > y.length) ? x.length : y.length,
       i;
 
     for (i=0; i<length; i++) {
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "credential",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "Easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.",
   "main": "credential.js",
   "directories": {

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "credential",`
`3`		`- "version": "0.2.1",`
	`3`	`+ "version": "0.2.2",`
`4`	`4`	`"description": "Easy password hashing and verification in Node. Protects against brute force, rainbow tables, and timing attacks.",`
`5`	`5`	`"main": "credential.js",`
`6`	`6`	`"directories": {`