Hacker News

You nailed it. In other words, literally everything is wrong with that function.


I would agree with the other comment that I suspect it would be impossible to get accurate data for a timing attack over Tor. Not only is the connection slow, but my experience has been that bandwidth and latency can be highly variable.


With enough sampling, it should be possible. Additionally, the values you are trying to infer are pretty small (8 bytes each) so that makes it easier.


Fair point. I'll admit I'm biased because I've messed around with trying time attacks on my vulnerable code in arguably ideal scenarios and haven't had much luck. So the feasibility of this is questionable to me, but I'm willing to accept that it's an issue. In any case, the above block of code should be easily fixable.



