Randomizing state transitions for one-time authentication tokens

US10129249B1 · US · B1

Patent metadata
Field: Value
Publication number: US-10129249-B1
Application number: US-201313828588-A
Country: US
Kind code: B1
Filing date: Mar 14, 2013
Priority date: Mar 14, 2013
Publication date: Nov 13, 2018
Grant date: Nov 13, 2018

Abstract

Official abstract text for this publication.

Methods and apparatus are provided for randomizing state transitions for one-time authentication tokens. A user authentication passcode is generated by determining a generation time within an epoch for initiating computation of the user authentication passcode; initiating computation of the user authentication passcode at the determined generation time; and presenting the user authentication passcode at a presentation time that is de-coupled from the generation time. The generation time occurs, for example, at a random offset from a start of the epoch. A time difference between the presentation time and a completion of the computation of the user authentication passcode comprises, e.g., a uniformly distributed random variable over a range of values having a finite mean value. The epoch optionally comprises pre-computation epochs and a variable number of user authentication passcodes are optionally computed during a given pre-computation epoch. The number of passcodes generated per epoch can be varied in a random manner.
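The scheduling idea in the abstract, as an added sketch that is not code from the patent: the passcode is computed at a pseudorandom offset inside the epoch, held in memory, and shown at a fixed appearance time. HMAC-SHA256 as the symmetric primitive, the separate `jitter_key`, the 60-second epoch, the 2-second computation time and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

EPOCH_SECONDS = 60    # assumed epoch length
COMPUTE_SECONDS = 2   # assumed fixed computation duration

def _prf(key: bytes, label: bytes, epoch: int) -> bytes:
    # Symmetric-key PRF; HMAC-SHA256 is an assumption, the page names no algorithm.
    return hmac.new(key, label + epoch.to_bytes(8, "big"), hashlib.sha256).digest()

def passcode(key: bytes, epoch: int) -> str:
    # Six-digit code derived from the key shared with the authentication server.
    return f"{int.from_bytes(_prf(key, b'passcode', epoch)[:4], 'big') % 10**6:06d}"

def generation_offset(jitter_key: bytes, epoch: int) -> int:
    # Jitter is a portion of pseudorandom data derived at the start of the epoch.
    # The offset is bounded so the computation always completes inside the epoch.
    latest_start = EPOCH_SECONDS - COMPUTE_SECONDS
    r = int.from_bytes(_prf(jitter_key, b"jitter", epoch)[:8], "big")
    return r % (latest_start + 1)  # modulo bias is negligible for a 64-bit input

def schedule(key: bytes, jitter_key: bytes, epoch: int) -> dict:
    start = epoch * EPOCH_SECONDS
    generation = start + generation_offset(jitter_key, epoch)
    completion = generation + COMPUTE_SECONDS
    appearance = start + EPOCH_SECONDS  # fixed: end of the epoch
    return {
        "generation": generation,
        "completion": completion,
        "appearance": appearance,
        "hold": appearance - completion,  # time the code waits in memory
        "passcode": passcode(key, epoch),
    }

if __name__ == "__main__":
    key, jitter_key = b"constructed-shared-key", b"constructed-jitter-key"
    for e in range(5):
        s = schedule(key, jitter_key, e)
        print(e, s["generation"] - e * EPOCH_SECONDS, s["hold"], s["passcode"])
```

The jitter key never leaves the token: the server only needs the shared key and the epoch number to derive the same passcode, so the randomized generation time does not affect verification.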

First claim

Opening claim text (preview).

What is claimed is:

1. A method for generating a user authentication passcode, comprising: determining a generation time within an epoch for initiating computation of said user authentication passcode; initiating computation of said user authentication passcode by at least one processing device of an authentication token at said determined generation time, wherein said computation is based on symmetric key cryptography; and providing, by at least one processing device of said authentication token, said user authentication passcode from a memory of said authentication token at an appearance time that is de-coupled from said generation time of said user authentication passcode.

2. The method of claim 1, wherein said generation time is at a random offset from a start of said epoch.

3. The method of claim 1, wherein said computation of said user authentication passcode takes a fixed duration of time.

4. The method of claim 1, wherein a time difference between said appearance time and a completion of said computation of said user authentication passcode comprises a uniformly distributed random variable over a range of values having a finite mean value.

5. The method of claim 1, wherein said appearance time occurs substantially at an end of said epoch.

6. The method of claim 1, further comprising the step of precomputing information related to passcode computation within said epoch.

7. The method of claim 1, wherein said epoch comprises a plurality of pre-computation epochs and wherein a number of user authentication passcodes computed during a given pre-computation epoch is variable.

8. The method of claim 1, wherein said user authentication passcode is computed based on a state corresponding to a current leaf node in a hierarchical tree, and wherein one or more randomized jitter values are applied to one or more components of said hierarchical tree.

9. The method of claim 1, wherein one or more jitter values for determining said generation time are selected as portions of pseudorandom information that is pre-computed at a beginning of said epoch.

10. The method of claim 1, wherein a number of passcodes that are generated per epoch is varied in a random manner.

11. A non-transitory machine-readable recordable storage medium for generating a user authentication passcode, wherein one or more software programs when executed by one or more processing devices implement the steps of the method of claim 1.

12. The method of claim 1, wherein said authentication token comprises at least one symmetric key shared with a passcode-receiving authentication server.

13. An apparatus for generating a user authentication passcode, the apparatus comprising: a memory; and at least one hardware device, coupled to the memory, operative to implement the following steps: determine a generation time within an epoch for initiating computation of said user authentication passcode; initiate computation of said user authentication passcode by at least one processing device of an authentication token at said determined generation time, wherein said computation is based on symmetric key cryptography; and provide, by said at least one processing device of said authentication token, said user authentication passcode from a memory of said authentication token at an appearance time that is de-coupled from said generation time of said user authentication passcode.

14. The apparatus of claim 13, wherein said generation time is at a random offset from a start of said epoch.

15. The apparatus of claim 13, wherein said computation of said user authentication passcode takes a fixed duration of time.

16. The apparatus of claim 13, wherein a time difference between said appearance time and a completion of said computation of said user authentication passcode comprises a uniformly distributed random variable over a range of values having a finite mean value.

17. The apparatus of claim 13, wherein said appearance time occurs substantially at an end of said epoch.

18. The apparatus of claim 13, wherein said epoch comprises a plurality of pre-computation epochs and wherein a number of user authentication passcodes computed during a given pre-computation epoch is variable.

19. The apparatus of claim 13, wherein said user authentication passcode is computed based on a state corresponding to a current leaf node in a hierarchical tree, and wherein one or more randomized jitter values are applied to one or more components of said hierarchical tree.

20. The apparatus of claim 13, wherein one or more jitter values for determining said generation time are selected as portions of pseudorandom information that is pre-computed at a beginning of said epoch.

21. The apparatus of claim 13, wherein a number of passcodes that are generated per epoch is varied in a random manner.

22. The apparatus of claim 13, wherein said authentication token comprises at least one symmetric key shared with a passcode-receiving authentication server.

Classifications

  • using time-dependent-passwords, e.g. periodically changing passwords

  • involving passwords or one-time passwords (network architectures or network communication protocols for using one-time keys in a packet data network H04L63/067)

  • using geo-location information, e.g. location data, time, relative position or proximity to other entities

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10129249B1 cover?
Methods and apparatus are provided for randomizing state transitions for one-time authentication tokens. A user authentication passcode is generated by determining a generation time within an epoch for initiating computation of the user authentication passcode; initiating computation of the user authentication passcode at the determined generation time; and presenting the user authentication pa…
Who is the assignee on this patent?
EMC IP Holding Co LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/0846. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 13, 2018 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).