Timing Cryptanalysis Attack

[Matt Blaze]

>The trivial way to handle this is simply to check user time with the
>right system calls and make sure it always comes out the same with an
>apropriate number of sleeps.

Of course, this works against a remote adversary, but not against one
on the same machine who can look at actual CPU consumption (which doesn't
increase when the target is blocked).

-matt