On Mon, 10 Oct 2022 08:21:57 GMT, Ferenc Rakoczi <d...@openjdk.org> wrote:
> ... you only have one chance to measure, so cannot average out noise ... There are cases that one chance is enough to place an attack. We normally don't discuss vulnerability details in public, please send me an email in private if more details is required. > ... than again, you probably have better methods to get to the key than > trying to measure time. I may have to agree that better methods may exist. But better methods do not imply that we can let this method go. ------------- PR: https://git.openjdk.org/jdk/pull/10544
