3 var Crypto = require('crypto');
4 var Boom = require('boom');
12 // Generate a cryptographically strong pseudo-random data
14 exports.randomString = function (size) {
16 var buffer = exports.randomBits((size + 1) * 6);
17 if (buffer instanceof Error) {
21 var string = buffer.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/\=/g, '');
22 return string.slice(0, size);
26 exports.randomBits = function (bits) {
31 return Boom.internal('Invalid random bits count');
34 var bytes = Math.ceil(bits / 8);
36 return Crypto.randomBytes(bytes);
39 return Boom.internal('Failed generating random bits: ' + err.message);
44 // Compare two strings using fixed time algorithm (to prevent time-based analysis of MAC digest match)
46 exports.fixedTimeComparison = function (a, b) {
48 if (typeof a !== 'string' ||
49 typeof b !== 'string') {
54 var mismatch = (a.length === b.length ? 0 : 1);
59 for (var i = 0, il = a.length; i < il; ++i) {
60 var ac = a.charCodeAt(i);
61 var bc = b.charCodeAt(i);
62 mismatch |= (ac ^ bc);
65 return (mismatch === 0);