Reading of Mr Kochers clever attack brings to mind another way of obtaining the timings it uses, particularly on smartcards and other tamper resistant hardware based crypto devices - but also perhaps on locally accessible (and poorly sheilded) servers. Observing small changes in current drain, radiated rf pulses, ground noise, noise on other pins of the device (eg a smartcard) and other kinds of transient electrical noise generated by an internal processor performing a cyrpto algorithm noise might very well allow one to quite precisely identify when certain sections or loops in the internal code of the device was running. Using this information with Kochar's statistical approach to determining bit values from time variances might make such a tempest attack on protected keys held by such a devices practical even for those of us not privy to the tricks used by the spooks to process tempest data. And it certainly could make available much more timing information per run than just the gross time to complete the crypto operation, in fact it is entirely possible that an accurate timing for each step of the algorithm could be derived from such noise measurements. Dave Emery die@die.com