Learn the vocabulary of recovering secrets from indirect physical signals like timing rather than breaking the underlying math.
0 / 5 completed
1 / 5
A teammate explains that an attacker recovers a secret cryptographic key not by breaking the cipher's math, but by measuring how long different operations take or how much power the chip draws while processing different key bits. What is this class of attack called?
A side-channel attack is exactly this: instead of breaking the cipher's underlying mathematics, the attacker measures an indirect physical signal, such as execution timing, power consumption, or electromagnetic emissions, that leaks information correlated with the secret key's bits. A hash collision is an unrelated hash-table concept about two keys sharing a bucket. This exploit-a-physical-leak-instead-of-the-math approach is exactly why constant-time implementations exist for cryptographic code handling secret keys.
2 / 5
During a security review, the team discovers that a cryptographic comparison function returns early as soon as it finds a mismatched byte, causing comparisons against a correct prefix to take measurably longer than comparisons against an entirely wrong value. Which risk does this represent?
This represents a timing side-channel vulnerability, since the early-return behavior lets an attacker infer correct key bytes one at a time by measuring how long each guess takes. A comparison function that always takes constant time regardless of where a mismatch occurs would give the attacker no exploitable timing signal at all. This early-return-leaks-timing behavior is exactly why cryptographic comparisons are written to run in constant time rather than short-circuiting on mismatch.
3 / 5
In a code review, a dev notices a function comparing a user-supplied authentication token against the stored secret uses a standard string-equality check that exits as soon as the first differing character is found. What does this represent?
This is a side-channel vulnerability, since the early-exit comparison leaks timing information an attacker could use to guess the secret token one character at a time. A cache eviction policy is an unrelated concept about discarded cache entries. This early-exit-string-comparison pattern is exactly the kind of timing leak a reviewer flags once a comparison involves a secret value.
4 / 5
An incident report shows an attacker recovered a full authentication token byte by byte, by repeatedly submitting guesses and measuring which guesses caused the comparison function to take marginally longer before returning false. What practice would prevent this?
Replacing the early-exit comparison with a constant-time comparison function ensures the time taken never depends on how many leading characters happen to match, closing off the timing side channel. Continuing to use the early-exit string-equality check regardless of how measurably its timing varies with the number of matching leading characters is exactly what let the attacker recover the token in this incident. This constant-time-comparison approach is the standard fix once a timing side channel is confirmed to leak secret information.
5 / 5
During a PR review, a teammate asks why the team insists on constant-time comparisons for secrets instead of the standard library's regular string-equality function, given that the standard function is simpler and already available. What is the reasoning?
A constant-time comparison trades a small amount of always-full-length work for eliminating a timing side channel, while the standard early-exit comparison is simpler but leaks timing information proportional to how many leading characters match. This is exactly why constant-time comparisons are mandatory for secrets like tokens and keys, while the standard early-exit comparison remains fine for comparing non-secret values where no side channel is a concern.