Adiletta, Andrew <[email protected]> wrote: > As far as SSH is concerned there are ways to handle synchronization (we > outline them > in the paper). The POC concept we present in the paper should be acceptable > to anybody > who is fluent in the Rowhammer/microarch attack literature.
I disagree. I believe your simulation is fake. > There are numerous results > where the target is slowed down to solve synchronization. We don’t brush > aside or hide > the synchronization issue in the paper but discuss it explicitly. Then why don't you produce exactly such a synchronization without any source code changes, in any actual distribution build system?? It's not that you brush or hide; it is that you overplay the seriousness by providing an entirely synthetic example. Unless your document is amended, non-astute readers in the future will read this as "serious OpenSSH problem" instead of "entirely synthetic and fake demonstration". I think you made a mistake choosing OpenSSH as a demonstration target for reputational benefit, that hand-waving about realistic attacks when you didn't execute one, and I'm calling you out for what is effectively academic malpractice.
