[some_furry]

> But I assume the comment above was suggesting there was something more interesting than the magnitude of the lag.

Nothing insidious, just thought maybe it could have been a typo. But if not, then it's just an amusing coincidence.

Taking 2 years to demonstrate the impact of a difficult or strange cryptographic bug isn't really that interesting in and of itself.

[tptacek]

Right, especially in this case where you can almost just go from TLS library to TLS library saying "hm, this implements P1v15, probably has a timing channel" to get credit for the eventual finding. :)

[some_furry]

Right. In a lot of cases "this implements RSA" and "this wasn't written by Thomas Pornin" is enough to suspect a timing channel. Writing a proof of concept for one is at least an order of magnitude more challenging; at least in my experience. (I am way better at mitigation than exploit development.)

[tptacek]

Everybody is!

[some_furry]

Good to know! (I thought maybe this was just my own biases or weaknesses showing. I've been trying to work on it this year when I have time.)