OTOH, maybe we _should_ try for constant computation time and then try for *random* delay time. Remember that _we_ will spend a lot of real time arguing whether the *random* delay is really _random_ Martin G. Diehl _______________________ Reply Separator __________________________ Subject: Re: Timing Cryptanalysis Attack Author: Nathaniel Borenstein <nsb+limbo@nsb.fv.com> at Internet-usa Date: 12/11/95 2:41 PM Hey, don't go for constant time, that's too hard to get perfect. Add a *random* delay. This particular crypto-flaw is pretty easy to fix. (See, I'm not *always* arguing the downside of cryptography!) It is worth noting, however, the extent to which "secure" cryptographic protocols keep needing to get fixed one last time.... -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> | (Tense Hot Alien In Barn) Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON: FAQ & PGP key: nsb+faq@nsb.fv.com | http://www.netresponse.com/zldf