constant-time-analysislisted

Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.
26zl/cybersec-toolkit · ★ 6 · AI & Automation · score 73

Install: claude install-skill 26zl/cybersec-toolkit

# Constant-Time Analysis Analyze cryptographic code to detect operations that leak secret data through execution timing variations. ## When to Use ```text User writing crypto code? ──yes──> Use this skill │ no │ v User asking about timing attacks? ──yes──> Use this skill │ no │ v Code handles secret keys/tokens? ──yes──> Use this skill │ no │ v Skip this skill ``` **Concrete triggers:** - User implements signature, encryption, or key derivation - Code contains `/` or `%` operators on secret-derived values - User mentions "constant-time", "timing attack", "side-channel", "KyberSlash" - Reviewing functions named `sign`, `verify`, `encrypt`, `decrypt`, `derive_key` ## When NOT to Use - Non-cryptographic code (business logic, UI, etc.) - Public data processing where timing leaks don't matter - Code that doesn't handle secrets, keys, or authentication tokens - High-level API usage where timing is handled by the library ## Language Selection Based on the file extension or language context, refer to the appropriate guide: | Language | File Extensions | Guide | | ---------- | --------------------------------- | -------------------------------------------------------- | | C, C++ | `.c`, `.h`, `.cpp`, `.cc`, `.hpp` | [references/compiled.md](references/compiled.md) | | Go | `.go`