constant-time-analysis
constant-time-analysis
Catalogue généré le 2026-05-11
En une phrase
Detects timing side-channel vulnerabilities in cryptographic code.
Quand l'utiliser
- Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.
Comment l'invoquer
- Slash command :
/constant-time-analysis(si exposé dans ton CLI) - Phrases déclencheurs : voir la description complète ci-dessous
- Auto-invocation : sur demande explicite
Description complète
Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.
Pour aller plus loin
Constant-Time Analysis
Analyze cryptographic code to detect operations that leak secret data through execution timing variations.
When to Use
Concrete triggers:
- User implements signature, encryption, or key derivation
- Code contains
/or%operators on secret-derived values - User mentions "constant-time", "timing attack", "side-channel", "KyberSlash"
- Reviewing functions named
sign,verify,encrypt,decrypt,derive_key
When NOT to Use
- Non-cryptographic code (business logic, UI, etc.)
- Public data processing where timing leaks don't matter
- Code that doesn't handle secrets, keys, or authentication tokens
- High-level API usage where timing is handled by the library
Language Selection
Based on the file extension or language context, refer to the appropriate guide:
| Language | File Extensions | Guide |
(extrait — voir le SKILL.md complet pour la suite)
Source
- Plugin :
trailofbits/constant-time-analysis - Nom interne :
constant-time-analysis - Fichier :
/home/thymon/.claude/plugins/cache/trailofbits/constant-time-analysis/0.1.0/skills/constant-time-analysis/SKILL.md