Serhiy Storchaka <storchaka+cpyt...@gmail.com> added the comment:
AFAIK Spectre attacks rely on precise time measures. But Python is very far from bare hardware. Pure Python code is 10-100 times slower than compiled C or jitted JavaScript, and the variance is high, so it is hard to get stable results in benchmarks. Simple a=b+c can cause execution of hundreds or thousands of microprocessor instructions, numerous memory read and write operations, calling many subroutines, memory allocations and deallocations. I have doubts that it is practical to use Spectre attacks on pure Python.

Of course, if you use high-performance extensions to work with sensitive data, they can be vulnerable to attack if the attacker code is in the other extension. You can counteract this by building those extensions with a C compiler which implements workarounds.

----------
nosy: +serhiy.storchaka

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue42322>
_______________________________________