[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Timing Cryptanalysis Attack




> Nathaniel Borenstein <[email protected]> writes:
> Hey, don't go for constant time, that's too hard to get perfect.  Add a
> *random* delay.  This particular crypto-flaw is pretty easy to fix. 
> (See, I'm not *always* arguing the downside of cryptography!)

Random delay may be harder to get perfect than constant time.  Note that
the actual time for the transaction is the minimum of all the transaction
times you measure, since you can't add a negative delay to them.  It's
presumably even easier if the random distribution is known.  Adding a
random delay means more transactions are required to find each new bit,
but information is still leaking.

> It is worth noting, however, the extent to which "secure" cryptographic
> protocols keep needing to get fixed one last time....  -- Nathaniel

Amen...

	Jim Gillogly
	Trewesday, 21 Foreyule S.R. 1995, 19:16