If this is a timing sidechannel, why is it considered s protocol vulnerability and not an implementation vulnerability? Could it be mitigated by using a time-constant implementation of the KDF?
If this is a timing sidechannel, why is it considered s protocol vulnerability and not an implementation vulnerability? Could it be mitigated by using a time-constant implementation of the KDF?