On Fri, 1 Dec 2006, Arjan van de Ven wrote:
>
> I would suggest you drop the patch; openssl has been long fixed, and it
> was only a theoretical attack in the first place...
> I'm not saying the attack isn't something that should be addressed.. but
> it is, and disabling hyperthreading is not the right fix.
I concur. A lot of these "timing attacks" may be slightly easier on HT
CPU's than other CPU's, but they are still pretty damn theoretical (the
more recent branch predictor one is even more so, since it apparently
requires access to the branch predictor state itself, which you need
CPL0 to get - and once you have CPL0, why the hell bother with the branch
predictors at all, since you might as well just read the state directly
from the process..)
People are a hell of a lot better at worrying about unrealistic attacks
that they don't understand and thus sound scary, than about worrying about
the simple things ("You mean my password shouldn't be my pets name, taped
to my monitor? Really? And I wasn't supposed to give it out just because
that nice man gave me chocolate?")
So I think people have blown those SSL timing attacks _way_ out of
proportion, just because it sounds technical and cool.
Besides, most of the time you can disable HT in the BIOS, which is better
anyway if you don't want it.
Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
