durusmail: quixote-users: Timing attacks against session cookies
Binger David
2010-07-26
On Jul 26, 2010, at 10:28 AM, Neil Schemenauer wrote:

> On Mon, Jul 26, 2010 at 10:08:18AM -0400, Binger David wrote:
>> What if hash lookup failures do not return until they have completed
>> a randomized time-obscuring operation?
>
> That makes the attack more difficult (more attempts needed) but
> doesn't prevent it.

Okay, what if the algorithm ensures that some
fixed amount of time passes for hash lookup failures?

record time
try lookup
if fail, sleep until time + 1s



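An added example, not part of the original message and not Quixote's own code: the fixed-deadline failure path sketched above, written in Python, including the case where the lookup itself runs longer than the deadline. The names `lookup_session`, `FakeClock`, `PrefixCostStore` and `lookup_durations` are hypothetical, and the prefix-dependent lookup cost is a constructed stand-in for whatever makes a real lookup's duration vary.

```python
import time
from os.path import commonprefix

FAILURE_FLOOR = 1.0  # seconds: the "time + 1s" from the message above


def lookup_session(store, cookie, floor=FAILURE_FLOOR,
                   clock=time.monotonic, sleep=time.sleep):
    """Return the session, or None no sooner than `floor` seconds after entry."""
    start = clock()                      # record time
    session = store.get(cookie)          # try lookup
    if session is not None:
        return session                   # successful lookups are not delayed
    remaining = start + floor - clock()  # if fail, sleep until time + floor
    if remaining > 0:
        sleep(remaining)
    # remaining <= 0: the lookup overran the floor, so its real duration shows
    return None


class FakeClock:
    """Deterministic clock so the timing can be checked without waiting."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds


class PrefixCostStore:
    """Constructed store whose lookup time grows with the matched prefix."""
    def __init__(self, sessions, clock, per_char=0.125):
        self.sessions, self.clock, self.per_char = sessions, clock, per_char

    def get(self, cookie):
        matched = max((len(commonprefix([k, cookie])) for k in self.sessions), default=0)
        self.clock.sleep(matched * self.per_char)  # simulated lookup work
        return self.sessions.get(cookie)


def lookup_durations(cookies, known="abcdefghijkl", floor=FAILURE_FLOOR):
    """Duration of each lookup as seen by the caller, on the fake clock."""
    clock = FakeClock()
    store = PrefixCostStore({known: "session-1"}, clock)  # constructed sample data
    durations = {}
    for cookie in cookies:
        began = clock()
        lookup_session(store, cookie, floor, clock, clock.sleep)
        durations[cookie] = clock() - began
    return durations
```

On the fake clock, failed lookups that cost 0 s, 0.25 s and 0.5 s all return after exactly 1.0 s, while a failed lookup that costs 1.375 s returns after 1.375 s because nothing is left to pad.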