>The trivial way to handle this is simply to check user time with the
>right system calls and make sure it always comes out the same with an
>appropriate number of sleeps.

Of course, this works against a remote adversary, but not against one on the same machine who can look at actual CPU consumption (which doesn't increase when the target is blocked).

-matt
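
Added example, not part of the original message: a Python sketch of the sleep-padding approach discussed above, measuring both the wall-clock time a remote observer sees and the process CPU time a local observer can read. The function names, round counts and the 0.3 s budget are assumptions chosen for illustration.

```python
import hashlib
import time

BUDGET_S = 0.3  # assumed fixed wall-clock budget every call is padded to


def secret_dependent_work(rounds: int) -> bytes:
    """Stand-in for an operation whose CPU cost depends on a secret."""
    digest = b"\x00" * 32
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def padded_call(rounds: int, budget_s: float = BUDGET_S):
    """Run the work, then sleep until the wall-clock budget has elapsed.

    Returns (wall_seconds, cpu_seconds) for the whole call.
    """
    wall_start = time.monotonic()
    cpu_start = time.process_time()

    secret_dependent_work(rounds)

    # Pad with sleeps; loop in case a sleep returns early.
    while True:
        remaining = budget_s - (time.monotonic() - wall_start)
        if remaining <= 0:
            break
        time.sleep(remaining)

    return time.monotonic() - wall_start, time.process_time() - cpu_start


def compare(fast_rounds: int = 1_000, slow_rounds: int = 50_000):
    """Measure a cheap and an expensive call under the same padding."""
    fast_wall, fast_cpu = padded_call(fast_rounds)
    slow_wall, slow_cpu = padded_call(slow_rounds)
    return {"fast": (fast_wall, fast_cpu), "slow": (slow_wall, slow_cpu)}


if __name__ == "__main__":
    for name, (wall, cpu) in compare().items():
        print(f"{name}: wall={wall:.3f}s cpu={cpu:.4f}s")
```

Both calls take at least the padded budget in wall-clock time, while the CPU time still tracks the amount of work, because the process accrues no CPU time while it is blocked in `sleep`.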