It would be nice to pass an option rawBuffer: true or something to get the raw buffers returned as user and pass instead of String's via toString(), that way we can use crypto.timingSafeEqual(a, b) for comparison?

References:
https://nodejs.org/api/crypto.html#crypto_crypto_timingsafeequal_a_b
nodejs/node#17178