side-channels | Skill Performance & Reviews | TopRankSkills

TopRank Skills
Home / Skills / tools / side-channels

side-channels

maintained by amattas

star 1 account_tree 0 verified_user MIT License
bolt View GitHub
Overview Implementation Examples History

name: side-channels description: Timing attacks and other side-channel exploitation techniques

Side-Channel Attacks

Concept: Extract secrets by observing indirect signals (timing, errors, etc.).

Timing Side-Channel

Signals:

  • Comparison that exits early on mismatch
  • Observable response time differences
  • Per-character validation

Why it works:

// Vulnerable: early exit
for (int i = 0; i < len; i++) {
    if (input[i] != secret[i])
        return FAIL;  // Time varies by position
}

Attack Recipe

1. Establish baseline:

Measure response time for known-wrong inputs
Calculate average/median for comparison

2. Byte-by-byte oracle:

For each position:
  For each candidate byte:
    Measure response time (multiple samples)
  Select byte with longest average time

3. Noise reduction:

  • Multiple samples per candidate
  • Use median (more robust than mean)
  • Remove outliers
  • Run from same network as target

Strategies

Local binary:

  • Minimal noise
  • Direct timing measurement
  • Few samples needed

Remote server:

  • Network jitter requires many samples
  • Statistical analysis helps
  • Median over 20-100 samples

Rate limited:

  • Add delays between attempts
  • Prioritize likely characters
  • Parallel connections if allowed

Other Oracles

Error-based:

Different errors reveal different failure modes
- "Invalid length" vs "Bad character" vs "Wrong value"
Each error type leaks information

Padding oracle:

Decrypt ciphertext by observing padding errors
Valid vs invalid padding reveals information

Pitfalls

Issue Solution
High jitter More samples, statistical methods
Flat timing Target uses constant-time comparison
Rate limits Slow down, parallelize
Tiny differences Higher precision timer, more samples

Detection

If all inputs produce same timing regardless of correctness:

  • Target uses constant-time comparison
  • Timing attack won't work
  • Need different approach

chat Comments (0)

chat_bubble_outline

No comments yet. Be the first to share your thoughts!

Skill Details

GitHub Stars 1
GitHub Forks 0
Created Jan 2026
Last Updated 4 months ago
tools tools debugging

Related Skills

fabric

fabric

danielmiessler
star 9.7k
chevron_right
typescript-expert

typescript-expert

vudovn
star 4.2k
chevron_right
break-loop

break-loop

mindfold-ai
star 3.3k
chevron_right
burp-suite

burp-suite

trailofbits
star 2.4k
chevron_right
page-behavior-audit

page-behavior-audit

openclaw
star 2.4k
chevron_right

Build your own?

Join 12,000+ developers contributing to the Claude ecosystem.