17 Dec 2003, 11:17 p.m.
Kocher says this about padding to constant time:
... If a timer is used to delay returning results until a pre-specified time, attackers may be able to monitor other aspects of the system performance to determine when the cryptographic computation completes.
Perhaps, but an attack would be much more difficult if the monitoring must be done outside the host doing the computation (viewing a router from the outside, say, as Eric Young alludes to), since the scope for covert channels is much reduced.

Peter Monta
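The distinction drawn in this message, between what a remote observer sees and what remains visible on the host, can be shown with a deterministic simulation of padding to a fixed time. This is an added example, not part of the original post; `pad_to_deadline`, `FakeClock`, `simulated_private_op` and the 1 ms per-step costs are assumptions made for illustration.

```python
import time

class DeadlineExceeded(Exception):
    """The operation outran the fixed budget, so padding cannot hide its duration."""

def pad_to_deadline(op, budget, clock=time.monotonic, sleep=time.sleep):
    """Run op(), then hold the result until `budget` seconds after the start.

    Returns (result, response_latency, busy_time). response_latency is all a
    purely remote observer can measure; busy_time is what an observer on the
    same host may still infer from CPU load, power draw or cache activity.
    """
    start = clock()
    result = op()
    done = clock()
    busy = done - start
    if busy > budget:
        # Failure mode: a late reply would leak the overrun, so fail closed.
        raise DeadlineExceeded(f"took {busy:.6f}s, budget {budget:.6f}s")
    sleep(start + budget - done)
    return result, clock() - start, busy

class FakeClock:
    """Constructed clock so the demonstration does not depend on real timing."""
    def __init__(self):
        self.now = 0.0
    def time(self):
        return self.now
    def advance(self, seconds):
        self.now += seconds

def simulated_private_op(clock, exponent_bits):
    """Stand-in for square-and-multiply: every 1 bit costs one extra step."""
    def op():
        for bit in exponent_bits:
            clock.advance(0.001)        # square (assumed 1 ms)
            if bit == "1":
                clock.advance(0.001)    # multiply, only on 1 bits
        return "ok"
    return op

def demo(exponent_bits, budget=0.05):
    """Return (response_latency, busy_time) for one padded operation."""
    clock = FakeClock()
    op = simulated_private_op(clock, exponent_bits)
    _, latency, busy = pad_to_deadline(op, budget, clock.time, clock.advance)
    return round(latency, 6), round(busy, 6)
```

For two 16-bit exponents of different Hamming weight the response latency is identical while the busy time differs, which is the residual signal Kocher's caveat refers to and which, per the message above, is harder to observe from outside the host.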