An attacker could forge signatures for data that was signed with the SHA-1 HMAC algorithm (the default algorithm). The HMAC verify function leaked timing information based on how long a verify operation took to fail. This allows an attacker to iteratively try various HMAC values and see how long it takes the server to respond. The longer it takes, the more characters the attacker has correct. The lesson from this is that crypto flaws can be very subtle, especially when it comes to transitioning from an abstract concept to a concrete implementation.
Source: https://threatpost.com/timing-attack-google-keyczar-library-060209/72738/
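
The leak described above, shown as an added example (this is not Keyczar's code): a byte-by-byte comparison that returns at the first mismatch, next to a constant-time check. The key, message and function names are constructed for illustration, and the count of bytes compared stands in for the response time an observer would measure.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"          # constructed sample key
MESSAGE = b"user=alice;role=viewer"    # constructed sample message


def sign(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA1 tag, the algorithm named in the text (20 bytes)."""
    return hmac.new(key, message, hashlib.sha1).digest()


def leaky_verify(key: bytes, message: bytes, tag: bytes):
    """Early-exit comparison: work done depends on the matching prefix.

    Returns (is_valid, bytes_compared). bytes_compared is a deterministic
    proxy for how long the verify operation takes to fail.
    """
    expected = sign(key, message)
    if len(tag) != len(expected):
        return False, 0
    compared = 0
    for a, b in zip(expected, tag):
        compared += 1
        if a != b:
            return False, compared     # stops at the first wrong byte
    return True, compared


def constant_time_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Hardened form: compare_digest is designed so its running time
    does not reveal where the two values differ."""
    return hmac.compare_digest(sign(key, message), tag)


def corrupt_at(tag: bytes, index: int) -> bytes:
    """Return a copy of tag with the byte at index flipped (test helper)."""
    return tag[:index] + bytes([tag[index] ^ 0xFF]) + tag[index + 1:]


if __name__ == "__main__":
    good = sign(KEY, MESSAGE)
    for i in (0, 5, 19):
        ok, work = leaky_verify(KEY, MESSAGE, corrupt_at(good, i))
        print(f"mismatch at byte {i:2d}: valid={ok} bytes_compared={work}")
    bad = corrupt_at(good, 5)
    print("constant-time, bad tag: ", constant_time_verify(KEY, MESSAGE, bad))
    print("constant-time, good tag:", constant_time_verify(KEY, MESSAGE, good))
```

The leaky version does more work the later the first wrong byte appears, which is the signal the verify function gave away; the hardened version returns only a boolean and exposes no position-dependent work.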

