You can't do a timing attack against a password hashed serverside, since you don't control the string being compared enough to make iterated byte-at-a-time changes.
Even if I'm misunderstanding, though, this particular remote timing attack is probably not practical in most programming environments; (for instance) straight C memcmp is below the measurement floor, even with signal processing.
That is a great paper; also, check out Crosby and Wallach for the modernized, math-ier take; with signal processing, the measurement limits are nanoseconds on a switched LAN (ie, if you could get a box deployed in the same hosting center as Blizzard) and tens of milliseconds over the Internet:
There was a nice talk at 28c3 called "time is on my side" by Sebastian Schinzel, specifically about timing attacks over the net; it is pleasingly practical in its approach. He attacks the popular typo3 CMS.
I know you can do timing attacks through the network, it's not even that hard in the simple case.
That paper, like most papers on timing attacks, was done on the local network, not the internet. They're relying on absurdly precise measurements of absolutely tiny differences in timing, which would be lost in the jitter and latency of the real internet.
As I said, you can certainly do internet timing attacks where you're looking for database access, because this can take many milliseconds, which is a delay which can be detected even on a crappy internet link using a bit of light statistics.
Right; I guess my thought is that since a hash with a modest work function can also take many milliseconds, this would be meaningful. Not sure in practice, however.
https://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf