[nine_k]

I wonder how efficient a counter-measure would be adding small random delays in every part of code, possibly injected at MIR or LLVM level. It might drown any timing information in random noise.

They will definitely lower the performance, but likely a bit slower and more secure connection process is preferable to a less secure one.

[ryanong]

From my current understanding adding random noise doesn’t affect most timing attacks because it is averaged out. I may be wrong though

[dcbadacd]

Making everything fixed-time, no matter how fast, would actually have the needed effect, random noise can be statistically removed.