I don't think this is correct. The timing attacks here all require extremely high resolution timers, and network + I/O latency would obscure the variance entirely.
People are able to crack poor password comparison implementations over a jittery, latency heavy network. It’s possible to get almost arbitrarily high resolution when doing timing side channel attacks, you’ll just need many more samples.
dymk|6 years ago