[plug] "Hyper-Threading, suffers from a serious security flaw,"
Bernard Blackham
bernard at blackham.com.au
Sat May 14 21:23:24 WST 2005
On Sat, May 14, 2005 at 02:01:28AM +0800, Open Source.Lives wrote:
> Colin Percival, a FreeBSD committer and security team member, has
> The formentioned paper can be downloaded here in pdf format.
http://www.daemonology.net/papers/htt.pdf for anybody interested.
The attack itself is pretty mad - very academically interesting, but
far from trivial to carry out in real world situations. It involves
looking for time-based patterns during an RSA signing operation, to
narrow the possibilities of what the encryption key is (the example
given uses a 1024-bit key and narrows it to searching through 2^202
possibilities).
Yes it does affect every OS running on Intel HT machines (including
Linux) that is utilising HT. But I wouldn't go racing out turning
off HT on all your machines tonight.
Instead I'd be more concerned about this exploit recently released -
http://www.isec.pl/vulnerabilities05.html
Bernard.
--
Bernard Blackham <bernard at blackham dot com dot au>
More information about the plug
mailing list