I have been reading about cache side channel attacks and the "Flush+Reload" method came up a decent amount. Before putting forth my question, this is what I understand about the Flush+Reload technique.
I understand that if two users (Alice, Bob) run the same program, the typical OS will create a copy of the page tables so that the program is not loaded twice. These are read-only, though, so all is "fine". If the attacker, Bob, can determine which cache lines of the shared memory are in the L3 cache over a period of time, he can possibly determine what cache lines Alice's process accesses over time. This can be done with Flush+Reload by clearing out the cache and timing how long it takes to read the cache. Very fast = Alice is accessing this piece of memory. Slow = Alice is not accessing this piece of memory. Bob continues to do this over time to develop a 'baseline' of sorts. Hopefully the majority of my understanding is correct.
I have read how this can be used for programs that have user input. Bob performs the attack on himself with many inputs and calculates the time based on refreshing the cache. He then performs the attack on Alice and basically compares the results to distinguish inputs (high level but this isn't my question).
The majority of my understanding is from here.
My question is, how is this attack any different from a brute force attack or even a timing attack in the context of user input?
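A toy model of the flush, wait, reload rounds described in the question, added here as an example and not part of the original post. It runs entirely in software: the latencies, threshold, line names and victim behaviour are constructed assumptions, and it also shows why the flush step is needed (the timed reload itself caches the line).

```python
import random

# Constructed latencies in "cycles"; real values are machine-specific.
HIT, MISS, THRESHOLD, JITTER = 40, 200, 120, 15

class SharedCache:
    """Toy last-level cache holding lines of a page both processes map."""
    def __init__(self, seed=0):
        self.lines = set()
        self.rng = random.Random(seed)

    def flush(self, line):
        self.lines.discard(line)

    def load(self, line):
        """Load a line and return the simulated latency of that load."""
        base = HIT if line in self.lines else MISS
        self.lines.add(line)  # any load, including the probe, caches the line
        return base + self.rng.randint(-JITTER, JITTER)

def victim_slot(cache, touches_monitored):
    """Hypothetical victim: always loads 'common', sometimes 'monitored'."""
    cache.load("common")
    if touches_monitored:
        cache.load("monitored")

def observe(victim_pattern, line="monitored", flush=True):
    """Run one flush / wait / reload round per time slot.

    Returns 1 for each slot where the reload was fast (victim touched the
    line during the wait) and 0 where it was slow.
    """
    cache = SharedCache()
    trace = []
    for touched in victim_pattern:
        if flush:
            cache.flush(line)              # 1. evict the shared line
        victim_slot(cache, touched)        # 2. wait while the victim runs
        latency = cache.load(line)         # 3. timed reload
        trace.append(1 if latency < THRESHOLD else 0)
    return trace

if __name__ == "__main__":
    pattern = [0, 0, 1, 0, 1, 1]           # constructed victim behaviour
    print(observe(pattern))                # per-slot access pattern
    print(observe(pattern, flush=False))   # probe's own load masks later slots
    print(observe(pattern, line="common")) # line touched every slot: no signal
```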