I thought that the idea of doing a second pass over the exclusive OR of the
input key and then discarding the result was pretty innovative approach. That
way all zeros in the real key would be ones in the second pass and all the
ones in the first pass would be zeros in the second pass. This would make
the amount of time required pretty much the same since there would always be
a constant number of one bits that would be manipulated. Perhaps then also
doing a pass of the algorythm on the time of day would allow some variable
amount of time to be seen that had nothing to do with the key being computed
or how many bits, ones or zeroes, that it contained.
On Thu, 14 Dec 1995, Mike Tighe <tighe @
>>What I don't understand is why the threat could not be trivially
>>eliminated by waiting a fixed time interval for each response.
>>Although this would slow the response down to that of the worst case
>>performance of the algorithm, no data would be available external to
>You could factor out the dead time, so what you would really need to do is
>perform some random number of operations instead. Personally, I think this
>method of attack would be quite far-fetched, but that does not mean you
>should not defend against it if possible.
**** cjolley @
net <Carl Jolley>
**** All opinions are my own and not necessarily those of my employer ****