cyberneticlibrary
← library

Implement timing-safe secret comparison

aidd-timing-safe-compareskillsetup L1352
paralleldrive/aidd
What it does

Prevent timing-safe secret comparison vulnerabilities

Best for

Catching timing-oracle attacks on authentication tokens before they reach production

Inputs
  • · Code review of secret comparison logic
Outputs
  • · Security finding (CRITICAL if raw compare, correct if SHA3-256 hashed)
Preconditions
  • · Code visible in review
Failure modes
  • · False positive if SHA3 is used correctly
  • · Missed case of XOR tricks
Trust signals
  • · Blocks all raw timingSafeEqual, hmac.compare_digest patterns
  • · Requires SHA3-256 with comment