Zum Hauptinhalt springen
Dieser Inhalt ist noch nicht in Ihrer Sprache verfügbar und wird auf Englisch angezeigt.

Constant Time Analysis

Plugin Verifiziert Aktiv
Teil von:Trailofbits

Detect compiler-induced timing side-channels in cryptographic code

1 Skill 0 MCPs
Zweck

To help developers identify and mitigate critical timing side-channel vulnerabilities in cryptographic implementations, ensuring more secure software.

Funktionen

  • Detects timing side-channel vulnerabilities
  • Analyzes multiple languages (C, C++, Go, Rust, PHP, JS, TS, Python, Ruby)
  • Supports various architectures (x86_64, ARM64, RISC-V) and compilers
  • Tests across optimization levels
  • Outputs results in text, JSON, or GitHub Actions annotations

Anwendungsfälle

  • Reviewing cryptographic code for timing side-channel risks
  • Analyzing the impact of compiler optimizations on security
  • Ensuring constant-time implementation of cryptographic algorithms
  • Integrating security checks into CI/CD pipelines for crypto projects

Nicht-Ziele

  • Detecting other types of side-channel attacks (e.g., cache-timing, microarchitectural)
  • Performing dynamic analysis or runtime behavior analysis
  • Analyzing non-cryptographic code
  • Providing automated fixes for detected vulnerabilities

Trust

  • info:Issues Attention13 issues opened and 4 closed in the last 90 days, indicating maintainer engagement but with a closure rate below 50%.

Installation

Zuerst Marketplace hinzufügen

/plugin marketplace add trailofbits/skills
/plugin install constant-time-analysis@trailofbits

Enthält 1 Erweiterungen

Skill (1)

Constant Time Analysis Skill

Detects timing side-channel vulnerabilities in cryptographic code. Use when implementing or reviewing crypto code, encountering division on secrets, secret-dependent branches, or constant-time programming questions in C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, or Ruby.

98

Qualitätspunktzahl

Verifiziert
97 /100
Analysiert about 11 hours ago

Vertrauenssignale

Letzter Commit3 days ago
GitHub-Inhaber trailofbits (opens in new tab)
Sterne5.2k
LizenzCC-BY-SA-4.0
Status
Quellcode ansehen

Ähnliche Erweiterungen

Context7 Plugin

100

Upstash Context7 MCP-Server für die Abfrage aktueller Dokumentationen. Ruft versionsspezifische Dokumentationen und Codebeispiele direkt aus Quell-Repositories in den LLM-Kontext.

Plugin
upstash

C4 Architecture

99

Comprehensive C4 architecture documentation workflow with bottom-up code analysis, component synthesis, container mapping, and context diagram generation

Plugin
wshobson

Dimensional Analysis

99

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.

Plugin
trailofbits

Ruflo Knowledge Graph

99

Knowledge graph construction — entity extraction, relation mapping, and pathfinder graph traversal

Plugin
ruvnet

Protect Mcp

98

Cedar policy enforcement + Ed25519 signed receipts for every Claude Code tool call. First cryptographic governance plugin — receipts independently verifiable offline.

Plugin
wshobson

Signed Audit Trails

95

Teaching skill: signed audit trails for Claude Code tool calls. Cookbook-style walkthrough of Cedar-gated tool calls with Ed25519 receipts, offline verification, and CI/CD integration. Pairs with the protect-mcp plugin.

Plugin
wshobson