Performs constant-time hash comparison to prevent timing attacks in security-sensitive applications. Access via MCP in Cursor or Windsurf, or REST API at GET /v1/hash/compare with hash1 and hash2 parameters. Returns boolean match result without revealing comparison timing patterns, essential for password verification and authentication systems.
curl "https://tinyfn.io/v1/hash/compare" \
-H "X-API-Key: YOUR_API_KEY"const response = await fetch('https://tinyfn.io/v1/hash/compare', {
headers: { 'X-API-Key': 'YOUR_API_KEY' }
});
const data = await response.json();
console.log(data);import requests
response = requests.get('https://tinyfn.io/v1/hash/compare',
headers={'X-API-Key': 'YOUR_API_KEY'})
data = response.json()
print(data)Connect your AI agent (Claude, Cursor, Windsurf, etc.) to TinyFn's hash tools:
{
"mcpServers": {
"tinyfn-hash": {
"url": "https://tinyfn.io/mcp/hash",
"headers": {
"X-API-Key": "YOUR_API_KEY"
}
}
}
}Constant-time comparison takes the same amount of time regardless of where hashes differ, preventing timing attacks where attackers measure response times to guess hash values. Critical for password verification and API key validation.
Use the compare_hashes tool in your AI agent with the stored hash and user-provided hash. The tool returns true/false without leaking timing information about hash similarity.
Yes, the tool handles different hash lengths and types (MD5, SHA-256, bcrypt, etc.). It compares the raw hash bytes in constant time regardless of the hashing algorithm used.
Regular string comparison (==) exits early when finding differences, creating timing vulnerabilities. This tool always processes the full hash length, maintaining constant execution time.
No, GET /v1/hash/compare returns only a JSON boolean result. The constant-time guarantee applies to the comparison logic, not the HTTP response time which varies due to network factors.
Get your free API key and start using Compare Hashes in seconds.
Get Free API Key