constant-time-testing
constant-time-testing
Catalogue généré le 2026-05-11
En une phrase
Constant-time testing detects timing side channels in cryptographic code.
Quand l'utiliser
- Use when auditing crypto implementations for timing vulnerabilities.
Comment l'invoquer
- Slash command :
/constant-time-testing(si exposé dans ton CLI) - Phrases déclencheurs : voir la description complète ci-dessous
- Auto-invocation : sur demande explicite
Description complète
Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.
Pour aller plus loin
Constant-Time Testing
Timing attacks exploit variations in execution time to extract secret information from cryptographic implementations. Unlike cryptanalysis that targets theoretical weaknesses, timing attacks leverage implementation flaws - and they can affect any cryptographic code.
Background
Timing attacks were introduced by Kocher in 1996. Since then, researchers have demonstrated practical attacks on RSA (Schindler), OpenSSL (Brumley and Boneh), AES implementations, and even post-quantum algorithms like Kyber.
Key Concepts
| Concept | Description |
|---|---|
| Constant-time | Code path and memory accesses independent of secret data |
| Timing leakage | Observable execution time differences correlated with secrets |
(extrait — voir le SKILL.md complet pour la suite)
Source
- Plugin :
trailofbits/testing-handbook-skills - Nom interne :
constant-time-testing - Fichier :
/home/thymon/.claude/plugins/cache/trailofbits/testing-handbook-skills/1.0.1/skills/constant-time-testing/SKILL.md