Skip to main content

constant-time-testing

constant-time-testing

Catalogue généré le 2026-05-11

En une phrase

Constant-time testing detects timing side channels in cryptographic code.

Quand l'utiliser

  • Use when auditing crypto implementations for timing vulnerabilities.

Comment l'invoquer

  • Slash command : /constant-time-testing (si exposé dans ton CLI)
  • Phrases déclencheurs : voir la description complète ci-dessous
  • Auto-invocation : sur demande explicite

Description complète

Constant-time testing detects timing side channels in cryptographic code. Use when auditing crypto implementations for timing vulnerabilities.

Pour aller plus loin

Constant-Time Testing

Timing attacks exploit variations in execution time to extract secret information from cryptographic implementations. Unlike cryptanalysis that targets theoretical weaknesses, timing attacks leverage implementation flaws - and they can affect any cryptographic code.

Background

Timing attacks were introduced by Kocher in 1996. Since then, researchers have demonstrated practical attacks on RSA (Schindler), OpenSSL (Brumley and Boneh), AES implementations, and even post-quantum algorithms like Kyber.

Key Concepts

Concept Description
Constant-time Code path and memory accesses independent of secret data
Timing leakage Observable execution time differences correlated with secrets

(extrait — voir le SKILL.md complet pour la suite)

Source

  • Plugin : trailofbits/testing-handbook-skills
  • Nom interne : constant-time-testing
  • Fichier : /home/thymon/.claude/plugins/cache/trailofbits/testing-handbook-skills/1.0.1/skills/constant-time-testing/SKILL.md