Constant Time Analysis

Verify that cryptographic secrets are handled in constant time to prevent timing attacks. This skill is essential when reviewing any code that processes sensitive data where execution time could leak information.

When to Use

• Auditing custom cryptographic implementations
• Reviewing secret comparison logic (hashes, signatures, keys)
• Analyzing authentication or verification code
• Checking password/PIN handling
• Reviewing any code where timing could leak secrets

1. Understanding Timing Attacks

The Threat Model

An attacker measures how long operations take to infer secret values:

Comparison: secret[i] == input[i]