> the problem arises when AMD64 takes 9 + k cycles for k bytes of input while cryptographic engineers have tested on IA32e and assumed a constant overhead of 7 cycles.
Why is that a problem? Doesn't that just leak something you could determine by just looking at the CPU type?
That also leaks how many bytes of data are being processed. This sometimes matters.
When checking for a password match you have to check all characters in the.string otherwise you leak where the mismatch was. Even in a properly salted and hashed scheme that makes breaking the password easier.
Why is that a problem? Doesn't that just leak something you could determine by just looking at the CPU type?