This question is purely theoretical; I have no intention of ever implementing this scheme in practice. I'm familiar with the shortcomings of sleeping as a means of mitigating timing attacks. I'm more interested in this from the attacker's perspective.
Consider the following pseudocode running on the server side:

    procedure X:
        clientInput = ReceiveUntrustedInput()
        TimingVulnerableOperation(clientInput, serverSecret)
        Sleep(Hash(clientInput + secretSalt))

Here, the execution time of TimingVulnerableOperation leaks information about the similarity of its inputs (a naive, early-terminating password comparison, for example).
Assume Sleep is at least as granular as the operation itself (a busy CPU loop from 1 to N, for example) and the sleep time is within reasonable bounds.
The attacker can call the procedure with arbitrary inputs any number of times, and measure the execution time with perfect granularity.
Can the attacker obtain any knowledge about serverSecret or secretSalt?
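
A runnable model of procedure X as described in the question, added here as an example and not part of the original post. It counts abstract loop steps instead of wall-clock time to match the perfect-granularity assumption, and shows that each observation is the operation cost plus a delay fixed by the input, so resubmitting the same input always yields the same timing. SHA-256, the sample secret and salt, and the `MAX_DELAY` bound are assumptions.

```python
import hashlib

SERVER_SECRET = b"hunter2-secret"  # constructed sample value
SECRET_SALT = b"constructed-salt"  # constructed sample value
MAX_DELAY = 1000  # assumed bound on the sleep, in busy-loop steps


def timing_vulnerable_operation(client_input: bytes, server_secret: bytes) -> int:
    """Naive early-terminating comparison; returns byte comparisons performed."""
    steps = 0
    for a, b in zip(client_input, server_secret):
        steps += 1
        if a != b:
            break
    return steps


def sleep_steps(client_input: bytes, secret_salt: bytes) -> int:
    """Hash(clientInput + secretSalt), reduced to a bounded loop count."""
    digest = hashlib.sha256(client_input + secret_salt).digest()
    return int.from_bytes(digest[:8], "big") % MAX_DELAY


def procedure_x(client_input: bytes) -> int:
    """Cost of one call in abstract steps, i.e. a noise-free timing measurement."""
    op = timing_vulnerable_operation(client_input, SERVER_SECRET)
    return op + sleep_steps(client_input, SECRET_SALT)


def distinct_timings(client_input: bytes, repeats: int) -> set:
    """Timings seen when the same input is submitted `repeats` times."""
    return {procedure_x(client_input) for _ in range(repeats)}


if __name__ == "__main__":
    for guess in (b"XXXXXXXX", b"hXXXXXXX", b"huXXXXXX", b"hunter2-secret"):
        op = timing_vulnerable_operation(guess, SERVER_SECRET)
        delay = sleep_steps(guess, SECRET_SALT)
        print(f"{guess!r:20} op={op:2} sleep={delay:3} total={op + delay:4} "
              f"distinct over 100 calls={len(distinct_timings(guess, 100))}")
```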