When Constant-Time Source Code May Not Save You
https://research.kudelskisecurity.com/2017/01/16/when-constant-time-source-may-not-save-you/ [research.kudelskisecurity.com]
2017-01-17 01:32
Once a security design is implemented, whatever effort is put into protecting each part of the code, there still remains a strong possibility of a timing leak. It is virtually impossible to have control over all the parameters at stake. Compiler and processor optimizations, processor specificity, hardware construction, and run-time libraries are all examples of elements that cannot be predicted when implementing at a high level.
source: green