[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Timing Cryptanalysis Attack
Perry E. Metzger wrote:
>
> The trivial way to handle this is simply to check user time with the
> right system calls and make sure it always comes out the same with an
> apropriate number of sleeps.
The problem with that approach is that if the system is heavily loaded,
it can take an arbitrarily large amount of user time. Somewhat better
is to sleep for a random amount of time after you're done. That will
smear out the time distribution making it harder to get a statistically
meaningful number of samples. It also increases your latency, but
doesn't hurt throughput on a busy system.
--
Sure we spend a lot of money, but that doesn't mean | Tom Weinstein
we *do* anything. -- Washington DC motto | [email protected]