|
|
|
|
|
|
by rbsn
4222 days ago
|
|
|
How can you actually make sensitive operations take constant time? This sounds impossibly hard. For example, your operating system could be context switching thousands of times per second. Your password comparison function could cause a page fault because the trailing end of the password spans onto another page of virtual memory. These are all factors that would throw any calculation for constant time out of the window. |
|
|
Sorry, it appears that I didn't actually define constant time anywhere. What I really mean is that:
So while actual runtime may vary, it's not varying because of the value of something we want to protect.So it's not about keeping "absolute" time constant, but only the impact of the secret on runtime.