Analyze code for timing side-channels: constant-time verification for crypto code, detecting secret-dependent branches, and understanding how compilers optimize away constant-time guarantees.
When to use this skill
- Auditing crypto code for timing leaks
- Verifying constant-time operations
- Checking for secret-dependent branches
Core concepts
This skill provides guidance on timing side-channels best practices, patterns, and common pitfalls. It is designed to be loaded on demand when a relevant task is detected.
Installation
curl -LO https://opencode-skills.example/downloads/security/timing-analysis.zip
unzip timing-analysis.zip -d ~/.config/opencode/skills/Restart OpenCode — the skill loads automatically.
When it triggers
- auditing crypto code for timing leaks
- verifying constant-time operations
- checking for secret-dependent branches