Timing Cryptanalysis Attack
Tom Weinstein
tomw at netscape.com
Mon Dec 11 22:01:08 PST 1995
Perry E. Metzger wrote:
>
> The trivial way to handle this is simply to check user time with the
> right system calls and make sure it always comes out the same with an
> apropriate number of sleeps.
The problem with that approach is that if the system is heavily loaded,
it can take an arbitrarily large amount of user time. Somewhat better
is to sleep for a random amount of time after you're done. That will
smear out the time distribution making it harder to get a statistically
meaningful number of samples. It also increases your latency, but
doesn't hurt throughput on a busy system.
--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | tomw at netscape.com
More information about the cypherpunks-legacy
mailing list