Nate Lawson wrote: > I'm still waiting for what will be done to prevent the attack on > uniprocessor or multi-core machines (shared L2). Continuing to focus on > hyperthreading is like locking the screen door on your submarine.
Exploiting the a cache collision channel through the L2 cache is much harder than through the L1 cache, and is likely impossible under many circumstances (OpenSSL has been fixed to prevent the most easily exploitable cache side channel). In addition, there are other attacks, e.g., using shared branch prediction tables, to which hyperthreaded processors are vulnerable but which do not affect multicore systems at all. Rather than locking the screen door on a submarine, I'd say that a more apt comparison would be turning off a fire hydrant even though a garden hose is still running. I recommend the use of more sophisticated countermeasures against side channel attacks where highly sensitive keying material is concerned; but this does not invalidate the utility of applying such a very simple countermeasure which prevents a very easy attack. Colin Percival _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[EMAIL PROTECTED]"
