Cryptography

Wycheproof is a documentation skill that teaches developers how to validate cryptographic implementations using test vectors. It covers testing workflows for AES-GCM, ECDSA, ECDH, RSA, and other algorithms, with examples in Python and JavaScript.

A comprehensive guide for auditing cryptographic code for timing side-channel vulnerabilities. It covers constant-time testing theory, common vulnerability patterns like secret-dependent branches and cache-timing attacks, and provides practical workflows using tools like dudect for statistical analysis and timecop for dynamic tracing.

Sharp Edges is a security analysis skill that identifies error-prone APIs, dangerous configurations, and footgun designs that enable developer mistakes. It provides comprehensive reference documentation covering cryptographic API pitfalls, configuration security patterns, authentication footguns, and language-specific sharp edges across 11 programming languages.

This skill helps identify timing side-channel vulnerabilities in cryptographic implementations by analyzing compiled assembly or bytecode for dangerous instructions like variable-time division, secret-dependent branches, and non-constant-time comparisons. It supports C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JavaScript, TypeScript, Python, and Ruby, and provides remediation guidance using patterns like Barrett reduction and constant-time selection.