
This is suggested every time timing attacks are discussed. This is not a good mitigation. It increases the number of requests required to complete a timing attack, but in the end all of your rand() calls average out and you still see timing differences.


OK, then why not have the sensitive operation always take 100ms? If it finishes early, just sleep until the 100ms mark.


And in case it takes more than 100ms or a widely variable amount of time: https://news.ycombinator.com/item?id=8691076
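Added example, not part of the thread or written by any commenter: a simulation of the two mitigations discussed above, showing that a uniform random delay only raises the number of samples needed before the means separate, and that padding to a fixed deadline equalizes responses only while the operation finishes before the deadline. The 10.0 ms / 10.2 ms costs, the 20 ms jitter bound and all function names are assumptions made for the illustration; times are simulated, nothing sleeps.

```python
import math
import random
import statistics

# Constructed timing model (assumption, not measured data): the sensitive
# operation takes 10.0 ms on a mismatch and 10.2 ms on a partial match.
BASE_MS = {"miss": 10.0, "hit": 10.2}
JITTER_MS = 20.0  # upper bound of the uniform random delay (assumed)

def jittered(kind, rng):
    """Random-delay mitigation: true cost plus uniform(0, JITTER_MS)."""
    return BASE_MS[kind] + rng.uniform(0.0, JITTER_MS)

def mean_gap(n, seed=1):
    """hit-minus-miss difference of mean response times, n samples each."""
    rng = random.Random(seed)
    miss = statistics.fmean(jittered("miss", rng) for _ in range(n))
    hit = statistics.fmean(jittered("hit", rng) for _ in range(n))
    return hit - miss

def samples_to_resolve(gap_ms, z=3.0):
    """Samples per class before the standard error of the difference of
    means falls to gap_ms / z. Jitter raises this count; it never makes
    the gap unrecoverable."""
    variance = JITTER_MS ** 2 / 12.0  # variance of uniform(0, JITTER_MS)
    return math.ceil(2.0 * variance * (z / gap_ms) ** 2)

def padded(op_ms, deadline_ms=100.0):
    """Fixed-deadline mitigation: respond at the deadline, or late if the
    operation overran it (simulated; nothing actually sleeps)."""
    return max(op_ms, deadline_ms)

if __name__ == "__main__":
    print("samples needed:", samples_to_resolve(0.2))
    print("gap at n=200000: %.3f ms" % mean_gap(200_000))
    print("padded 10.0 / 10.2:", padded(10.0), padded(10.2))
    print("padded 90 / 130:", padded(90.0), padded(130.0))
```

In this model the 0.2 ms difference reappears in the averaged jittered responses, while the padded responses are identical until an operation overruns the deadline.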



