{"id":50486918,"url":"https://github.com/systemslibrarian/crypto-lab-timing-oracle","last_synced_at":"2026-06-01T23:02:51.486Z","repository":{"id":350752697,"uuid":"1204205319","full_name":"systemslibrarian/crypto-lab-timing-oracle","owner":"systemslibrarian","description":"Browser-based timing side-channel attack demo — string comparison leakage, HMAC verification timing, RSA private key bit leakage, and cache-timing attacks with real performance.now() measurements and constant-time defenses. No backends. No simulated timing.","archived":false,"fork":false,"pushed_at":"2026-04-11T21:46:24.000Z","size":11191,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-11T23:25:29.815Z","etag":null,"topics":["browser","cache-timing","constant-time","cryptanalysis","crypto-lab","cryptography","hmac","kocher","lucky-thirteen","rsa","security","side-channel","timing-attack","typescript","vite"],"latest_commit_sha":null,"homepage":"https://systemslibrarian.github.io/crypto-lab-timing-oracle/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/systemslibrarian.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-07T19:41:44.000Z","updated_at":"2026-04-11T21:46:31.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/systemslibrarian/crypto-lab-timing-oracle","commit_stats":null,"previous_names":["systemslibrarian/crypto-lab-timing-oracle"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/systemslibrarian/crypto-lab-timing-oracle","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-timing-oracle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-timing-oracle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-timing-oracle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-timing-oracle/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/systemslibrarian","download_url":"https://codeload.github.com/systemslibrarian/crypto-lab-timing-oracle/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/systemslibrarian%2Fcrypto-lab-timing-oracle/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33797128,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-01T02:00:06.963Z","response_time":115,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browser","cache-timing","constant-time","cryptanalysis","crypto-lab","cryptography","hmac","kocher","lucky-thirteen","rsa","security","side-channel","timing-attack","typescript","vite"],"created_at":"2026-06-01T23:02:50.628Z","updated_at":"2026-06-01T23:02:51.469Z","avatar_url":"https://github.com/systemslibrarian.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# crypto-lab-timing-oracle\n\nLive demo: https://systemslibrarian.github.io/crypto-lab-timing-oracle/\n\nTiming Attack · Constant-Time · HMAC · RSA · Cache-Timing\n\n## 1. What It Is\n\n`crypto-lab-timing-oracle` is a browser demo of timing side-channel behavior in string comparison, WebCrypto HMAC-SHA-256 verification, toy RSA arithmetic, and cache-sensitive memory access patterns. It shows vulnerable and constant-time implementations side by side using live browser timing measurements. The core cryptographic primitives in this demo are HMAC-SHA-256 and RSA, while the timing panels illustrate how implementation choices can leak secret-dependent information. HMAC is a symmetric primitive and RSA is an asymmetric primitive, and both are evaluated here under a side-channel threat model where attackers observe timing differences.\n\n## 2. When to Use It\n\n- Use it to teach why constant-time comparison is required for MAC and secret checks, because it makes timing leakage visible with repeatable measurements.\n- Use it in secure coding workshops for HMAC and RSA implementations, because it pairs vulnerable and defensive patterns in one place.\n- Use it when validating threat modeling assumptions for browser-adjacent crypto code, because it demonstrates how timing observations can still reveal patterns even with reduced timer precision.\n- Do not use it as a production cryptography library, because it is an educational demo with intentionally vulnerable code paths.\n\n## 3. Live Demo\n\nLive demo: https://systemslibrarian.github.io/crypto-lab-timing-oracle/\n\nThe demo lets you run timing experiments for string comparison, HMAC verification, RSA exponentiation behavior, and cache access timing. You can change controls such as target secret string, attacker guess string, message, and forged MAC hex, then trigger benchmark runs to compare vulnerable versus constant-time outcomes. Iteration counts and experiment parameters are built into each panel button action rather than exposed as free-form inputs.\n\n## 4. How to Run Locally\n\n```bash\ngit clone https://github.com/systemslibrarian/crypto-lab-timing-oracle.git\ncd crypto-lab-timing-oracle\nnpm install\nnpm run dev\n```\n\nNo environment variables are required.\n\n## 5. Part of the Crypto-Lab Suite\n\nThis demo is part of the larger Crypto-Lab collection at https://systemslibrarian.github.io/crypto-lab/.\n\nSo whether you eat or drink or whatever you do, do it all for the glory of God. — 1 Corinthians 10:31","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemslibrarian%2Fcrypto-lab-timing-oracle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsystemslibrarian%2Fcrypto-lab-timing-oracle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsystemslibrarian%2Fcrypto-lab-timing-oracle/lists"}