Constant Time Cryptography
Constant Time Cryptography
function checkApiKey(inputKey, correctKey) {
if (inputKey !== correctKey) {
throw new Error("wrong key");
}
}
Since string comparison is done byte by byte, even if an exception is thrown the number of correct bits can be guessed.
This has to be considered when choosing what to use for implementing cryptography algorithm, as an example BigInt is vulnerable to this