[45198] in Cypherpunks
Re: Timing Cryptanalysis Attack
daemon@ATHENA.MIT.EDU (Tom Weinstein)
Mon Dec 11 19:23:54 1995
Date: Mon, 11 Dec 1995 12:58:52 -0800
From: Tom Weinstein <tomw@netscape.com>
To: cypherpunks@toad.com
Perry E. Metzger wrote:
>
> The trivial way to handle this is simply to check user time with the
> right system calls and make sure it always comes out the same with an
> apropriate number of sleeps.
The problem with that approach is that if the system is heavily loaded,
it can take an arbitrarily large amount of user time. Somewhat better
is to sleep for a random amount of time after you're done. That will
smear out the time distribution making it harder to get a statistically
meaningful number of samples. It also increases your latency, but
doesn't hurt throughput on a busy system.
--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | tomw@netscape.com
