http://codahale.com/a-lesson-in-timing-attacks/
The lesson is verifying hash codes etc should be in constant time, don't return early.
Hmm, an Executor, with a Future, could be used to process / compare sensitive data, the submitting thread could sleep for a constant period, then wake up & get the result.
Cheers, Peter.
