Re: Implementing crypto in a GC'ed dynamic language
Lassi Kortela 14 Sep 2019 20:15 UTC
> I should think on the contrary that timing attacks would be almost
> impossible in managed code, because the jitter due to GC at unpredictable
> times would overwhelm all other considerations. Indeed, timing simple
> loops in C has become an excellent way of generating entropy quickly,
> because no two CPUs, however similar otherwise, have exactly the same
> timing, and the more modern the CPU, the more true this is. See
> <https://arxiv.org/ftp/arxiv/papers/1810/1810.00567.pdf>.
That's an interesting point of view (and interesting paper).
I don't really know what I'm talking about but in practice, wouldn't
lots of crypto operations run without GC'ing? GC pauses can wreck the
performance. And isn't it better for performance in general to reserve
lots of RAM for the application and GC more rarely? This could
conceivably reduce entropy from GC in many applications.
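An added example, not code from either poster in this thread: whether GC jitter hides a timing leak is a question of how much noise sits on top of a data-dependent signal, and noise averages out over repeated measurements. The defensive approach that does not depend on that question is to make the amount of work independent of the secret. The script below contrasts an early-exit byte comparison with a data-independent one by counting how many bytes each examines before answering, for a mismatch at every position of a constructed 16-byte tag (the tag value, the `work_profile` helper and its function names are assumptions of this example). It also shows `hmac.compare_digest`, the routine a Python program should actually use.

```python
import hmac
from typing import Callable, List, Tuple

# Constructed sample MAC tag (16 bytes); not a value from the thread.
SAMPLE_TAG = bytes(range(16))


def early_exit_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Naive comparison that returns at the first mismatching byte.

    Also returns how many bytes were examined: that count is the
    data-dependent signal a timing measurement tries to recover,
    whatever noise (GC pauses, scheduling) is layered on top of it.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_work_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Comparison whose work depends only on the lengths, never on content.

    Every byte is XORed into an accumulator; the result is read once at
    the end.  Length is treated as public, which is fine for MAC tags and
    digests of a fixed, known size.
    """
    if len(a) != len(b):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def stdlib_equal(a: bytes, b: bytes) -> bool:
    """The standard-library constant-time comparison; prefer this in real code."""
    return hmac.compare_digest(a, b)


def work_profile(compare: Callable[[bytes, bytes], Tuple[bool, int]],
                 tag: bytes) -> List[int]:
    """For each position i, flip byte i of `tag` and record how many bytes
    `compare` examined before answering.  A data-independent comparison
    gives a flat profile; an early-exit comparison gives a ramp.
    """
    profile = []
    for i in range(len(tag)):
        candidate = bytearray(tag)
        candidate[i] ^= 0xFF          # guaranteed to differ at position i
        _, examined = compare(tag, bytes(candidate))
        profile.append(examined)
    return profile


if __name__ == "__main__":
    print("early-exit   :", work_profile(early_exit_equal, SAMPLE_TAG))
    print("constant-work:", work_profile(constant_work_equal, SAMPLE_TAG))
    print("compare_digest agrees:", stdlib_equal(SAMPLE_TAG, bytes(SAMPLE_TAG)))
```

The early-exit profile rises 1, 2, ..., 16 with the mismatch position, which is exactly the structure a timing measurement averages noise away to find; the constant-work profile is 16 everywhere, so there is nothing for the noise to hide. Heap allocation inside the comparison is deliberately avoided so the GC has no reason to run in the middle of it.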