timing-attacks-anti-pattern
CommunityPrevent secret leaks via timing.
Software Engineering#code review#security#vulnerability#secrets management#timing attacks#constant time
Authorigbuend
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill protects against attackers who exploit the time it takes for your code to compare sensitive information (like passwords or tokens) to infer those secrets.
Core Features & Use Cases
- Constant-Time Comparison: Ensures that comparisons of secrets take the same amount of time regardless of whether they match or where the mismatch occurs, preventing timing side-channels.
- Secure Authentication & Authorization: Crucial for any code that verifies passwords, API keys, session tokens, or cryptographic signatures.
- Use Case: When verifying a user's password or an API key, this skill ensures that an attacker cannot determine the secret character by character by measuring response times.
Quick Start
Use the timing-attacks-anti-pattern skill to review a Python function that compares two strings for equality.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: timing-attacks-anti-pattern Download link: https://github.com/igbuend/grimbard/archive/main.zip#timing-attacks-anti-pattern Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.