17 Dec
2003
17 Dec
'03
11:17 p.m.
Hey, don't go for constant time, that's too hard to get perfect. Add a *random* delay. This particular crypto-flaw is pretty easy to fix. (See, I'm not *always* arguing the downside of cryptography!) It is worth noting, however, the extent to which "secure" cryptographic protocols keep needing to get fixed one last time.... -- Nathaniel -------- Nathaniel Borenstein <nsb@fv.com> | (Tense Hot Alien In Barn) Chief Scientist, First Virtual Holdings | VIRTUAL YELLOW RIBBON: FAQ & PGP key: nsb+faq@nsb.fv.com | http://www.netresponse.com/zldf