contermeasure

presumably, it makes the time it takes to process more random, so it can't be used for timing attacks

Cryptic...get it?

I understood the article just fine...I was making a wordplay on "cryptic"...perhaps the joke alert would have been a more appropriate icon.

i understand the article so well that I wonder why they don't use a random delay in the algorithm, rather than a set time to compute. The random delay would be interesting, because attackers would not know if they were facing an encryption algorithm that was vulnerable to such attacks, or one that was smart enough to randomly delay. As such, they may waste time attempting timing attacks.

Random is not random

Most random number generation is itself predictable, so a badly implemented random delays would probably give you an entry into the system.

The only random delay that would work and prevent intrusion is adding a random amount onto a fixed delay which is guaranteed to be longer than the time to compute, thus completely hiding the compute time.

Nope.

No this is the result of a ladder function being directly sensitive to the length of the input. Probably done in an effort to make the ladder function as fast as possible, rather than as consistent as possible. (I.e, it's not timing as in when you make the request, but timing as in how long the request takes to process.)

Their fix makes the ladder function consistent. Me, I'd fix it by adding a random delay adjusted for the input length, thereby teasing fuzzers with what initially looks like it might be a timing exploit candidate but leads to garbage. But I'm a jerk.

Not so anonymous

Lol.

a

thats funny posted first time then Anonymous (you not want to post your name)

still he still does have an point ()