← Back to Labs

Timing Oracle Simulator

Recover a secret from response-time variance, then remove the signal with constant-time verification.

victim check
compare user token against secret
attacker model
many retries + average latency
0x2A
9.6 ms
0x6F
9.7 ms
0x91
9.8 ms
0xC4
9.7 ms
Step 1 / 5The server compares bytes until the first mismatch

A bad compare function exits early. Wrong guesses with a short matching prefix return faster than guesses that match more bytes.

Arrow keys to navigate · R to reset

Tap dots to jump to any step

Read the full article →Take the quiz →