timing-attacks-anti-pattern
Installation
SKILL.md
Timing Attacks Anti-Pattern
Severity: Medium
Summary
Attackers measure operation timing to extract secrets. Early-exit comparisons leak information: comparing ABCDEF to ABCDEG takes longer than ABCDEF to XBCDEF (more matching characters before mismatch). These timing differences enable character-by-character secret recovery.
The Anti-Pattern
The anti-pattern is comparison functions returning early upon finding differences in sensitive values (passwords, tokens, hashes).
BAD Code Example
# VULNERABLE: String comparison leaking timing information.