cvs commit: src/sys/amd64/amd64 mp_machdep.csrc/sys/amd64/include
cpufunc.h src/sys/i386/i386 mp_machdep.c src/sys/i386/include cpufunc.h
Nate Lawson
nate at root.org
Sat May 14 11:48:46 PDT 2005
Colin Percival wrote:
> I ended up putting hyperthreading_allowed under machdep rather than security
> because 4.x doesn't have a security sysctl node, but the name was chosen to
> emphasize that hyperthreading is currently something dangerous which should
> be permitted only under certain circumstances, rather than a feature which
> can be enabled or disabled however you like.
>
> Colin Percival
That is at best, hyperbole. Crypto implementations which properly
implement blinding or operate in constant time are not vulnerable.
Disabling HTT only decreases the quality of measurement, requiring more
measurements. It does not prevent the attack. As you point out in your
paper (and in the D. Bernstein article you cited), there is no easy
solution and straightforward crypto implementations running on
general-purpose platforms will continue to be vulnerable until proper
blinding or constant time operations are implemented.
Additional references (not cited):
"Remote timing attacks are practical"; D. Boneh and D. Brumley
http://crypto.stanford.edu/~dabo/abstracts/ssl-timing.html
"Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and
Other Systems"; P. Kocher
http://citeseer.ist.psu.edu/kocher96timing.html
--
Nate
More information about the cvs-all
mailing list