constant-time-testing
Detects timing side channels in cryptographic code to enhance security during audits of crypto implementations.
Based on a skill by@majiayu000
Install this skill
or
88/100
Security score
The constant-time-testing skill was audited on Mar 21, 2026 and we found 12 security issues across 1 threat category. Review the findings below before installing.
Categories Tested
Security Issues
low line 15
External URL reference
SourceSKILL.md
| 15 | Timing attacks were introduced by [Kocher](https://paulkocher.com/doc/TimingAttacks.pdf) in 1996. Since then, researchers have demonstrated practical attacks on RSA ([Schindler](https://link.springer. |
low line 59
External URL reference
SourceSKILL.md
| 59 | **Array access** dependent on secrets enables cache-timing attacks, as shown in [AES cache-timing research](https://cr.yp.to/antiforgery/cachetiming-20050414.pdf). |
low line 63
External URL reference
SourceSKILL.md
| 63 | When patterns cannot be avoided, employ [masking techniques](https://link.springer.com/chapter/10.1007/978-3-642-38348-9_9) to remove correlation between timing and secrets. |
low line 160
External URL reference
SourceSKILL.md
| 160 | - [Memsan](https://clang.llvm.org/docs/MemorySanitizer.html): [Tutorial](https://crocs-muni.github.io/ct-tools/tutorials/memsan) |
low line 248
External URL reference
SourceSKILL.md
| 248 | [Timecop](https://post-apocalyptic-crypto.org/timecop/) wraps Valgrind to detect runtime operations dependent on secret memory regions. |
low line 487
External URL reference
SourceSKILL.md
| 487 | **[These results must be false: A usability evaluation of constant-time analysis tools](https://www.usenix.org/system/files/sec24fall-prepub-760-fourne.pdf)** |
low line 490
External URL reference
SourceSKILL.md
| 490 | **[List of constant-time tools - CROCS](https://crocs-muni.github.io/ct-tools/)** |
low line 493
External URL reference
SourceSKILL.md
| 493 | **[Paul Kocher: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems](https://paulkocher.com/doc/TimingAttacks.pdf)** |
low line 496
External URL reference
SourceSKILL.md
| 496 | **[Remote Timing Attacks are Practical (Brumley & Boneh)](https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf)** |
low line 499
External URL reference
SourceSKILL.md
| 499 | **[Cache-timing attacks on AES](https://cr.yp.to/antiforgery/cachetiming-20050414.pdf)** |
low line 502
External URL reference
SourceSKILL.md
| 502 | **[KyberSlash: Division Timings Leak Secrets](https://eprint.iacr.org/2024/1049.pdf)** |
low line 507
External URL reference
SourceSKILL.md
| 507 | - [Trail of Bits: Constant-Time Programming](https://www.youtube.com/watch?v=vW6wqTzfz5g) - Overview of constant-time programming principles and tools |
Scanned on Mar 21, 2026
View Security Dashboard