Security

Timing Side Channel Attacks

How tiny differences in response time leak secrets like tokens and keys.

Secrets In The Clock

A timing side channel leaks information through how long an operation takes rather than through its output. If a comparison against a secret returns as soon as it reaches the first wrong byte, the response is faster the earlier the mismatch occurs, and an attacker can measure timings to recover the secret incrementally.

Where It Shows Up

  • Early-exit string comparison of tokens or signatures reveals how many leading bytes matched.
  • Branches or memory accesses that depend on secret bits change the timing.
  • Even small differences are detectable with enough averaged samples.

Defenses

  • Use constant-time comparison that always examines every byte.
  • Keep secret-dependent branches and table lookups out of cryptographic code.
  • Rely on vetted libraries that already implement constant time primitives.
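
The early-exit comparison and its constant-time counterpart side by side, as an added example that is not part of the original lesson. The function names and the token value are constructed for illustration, and the count of bytes examined stands in for response time so the result is deterministic.

```python
import hmac

def early_exit_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Vulnerable pattern: stops at the first mismatching byte."""
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined  # work done depends on the matched prefix
    return True, examined

def full_scan_equal(a: bytes, b: bytes) -> tuple[bool, int]:
    """Constant-time structure: OR together every byte difference, decide once."""
    if len(a) != len(b):
        return False, 0
    diff = examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y  # no branch on secret data inside the loop
    return diff == 0, examined

def verify_token(supplied: bytes, expected: bytes) -> bool:
    """What production code should call: the standard library's vetted primitive."""
    return hmac.compare_digest(supplied, expected)

# Constructed sample values, not real credentials.
EXPECTED = b"7f3a9c21d4e85b60"
GUESSES = [
    b"0" * 16,                 # no leading bytes correct
    EXPECTED[:4] + b"0" * 12,  # 4 leading bytes correct
    EXPECTED[:14] + b"00",     # 14 leading bytes correct
    EXPECTED,                  # exact match
]

def work_profile(compare) -> list[int]:
    """Bytes examined for each guess; stands in for measured response time."""
    return [compare(g, EXPECTED)[1] for g in GUESSES]

if __name__ == "__main__":
    print("early exit:", work_profile(early_exit_equal))
    print("full scan: ", work_profile(full_scan_equal))
    print("verify:    ", [verify_token(g, EXPECTED) for g in GUESSES])
```

The pure-Python full scan only illustrates the structure; interpreter overhead can still vary, which is why `verify_token` delegates to `hmac.compare_digest`.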

Key idea

Timing channels turn response time into a leak, so compare secrets in constant time and keep secret-dependent branches out of sensitive code.

Check yourself

1. What leaks information in a timing side channel?

2. Why is early-exit string comparison dangerous for secrets?