At 10:30 PM 12/11/95 CST, Martin Diehl wrote:

OTOH, maybe we _should_ try for constant computation time and then try for *random* delay time. Remember that _we_ will spend a lot of real time arguing whether the *random* delay is really _random_

Does it necessarily matter whether the random delay time is true-random? The idea is to obfuscate the time of the whole computation. As long as you don't base your random numbers on the system clock, it should serve its purpose. (I omit the system clock because timing seems to be the nexus of the whole attack, so we can safely assume that the clock's data, and thus its source of "randomness," can be predicted. ----- David E. Smith, c/o Southeast Missouri State University 1210 Towers South, Cape Girardeau MO USA 63701-4745, +1(573)339-3814 PGP ID 0x92732139, homepage http://www.midwest.net/scribers/dsmith/ Quote: "And if we change, well, I'll love you anyway" - Alice In Chains Dec15-Jan15: (618)244-3340/2209 Perkins, Mt Vernon IL 62864