[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Timing Cryptanalysis Attack
Matt Blaze writes:
> >The trivial way to handle this is simply to check user time with the
> >right system calls and make sure it always comes out the same with an
> >apropriate number of sleeps.
>
> Of course, this works against a remote adversary, but not against one
> on the same machine who can look at actual CPU consumption (which doesn't
> increase when the target is blocked).
True enough, but using busy loops could handle that. However, I must
admit to being far more interested in handling the remote case
efficiently, especially given concerns people have about using
Photuris like systems on heavily pounded servers.
Perry