cvs commit: src/etc/defaults devfs.rules
Jeroen C.van Gelderen
jeroen at vangelderen.org
Fri Sep 26 10:23:35 PDT 2003
On Friday, Sep 26, 2003, at 13:03 US/Eastern, Nate Lawson wrote:
> On Fri, 26 Sep 2003, Poul-Henning Kamp wrote:
>> Modified files:
>> etc/defaults devfs.rules
>> Log:
>> As far as we know, there is no reason to not expose /dev/crypto in
>> jails so code in there can take advantage of hardware assisted
>> crypto.
>>
>> Revision Changes Path
>> 1.2 +1 -0 src/etc/defaults/devfs.rules
>
> Except for the fact that you don't want to combine access to the TSC
> and
> this paper:
>
> http://citeseer.nj.nec.com/kocher96timing.html
You don't need a TSC source to execute a timing attack because you
don't need absolute timing deltas. Any user program can approximate the
required time deltas by using counters of various sorts; Even loops
will do, albeit less efficiently. Therefore timing attacks can only be
prevented by the crypto device driver / hardware combination. Iff
/dev/crypto allows for timing attacks, /dev/crypto must be fixed.
Quality hardware prevents timing attacks but if the hardware itself
doesn't prevent them you can straightforwardly implement blinding in
the driver.
None of this is limited to jails, the threat exists outside jails too.
You don't want any program, jailed or not, to be able to extract keys
from the hardware.
Cheers,
-J
More information about the cvs-src
mailing list