[plug] "Hyper-Threading, suffers from a serious security flaw,"

Senectus . senectus at gmail.com
Sat May 14 22:30:56 WST 2005


On 5/14/05, Bernard Blackham <bernard at blackham.com.au> wrote:
> On Sat, May 14, 2005 at 02:01:28AM +0800, Open Source.Lives wrote:
> > Colin Percival, a FreeBSD committer and security team member, has
> > The aforementioned paper can be downloaded here in pdf format.
> 
> http://www.daemonology.net/papers/htt.pdf for anybody interested.
> 
> The attack itself is pretty mad - very academically interesting, but
> far from trivial to carry out in real world situations. It involves
> looking for time-based patterns during an RSA signing operation, to
> narrow the possibilities of what the encryption key is (the example
> given uses a 1024-bit key and narrows it to searching through 2^202
> possibilities).
> 
> Yes it does affect every OS running on Intel HT machines (including
> Linux) that is utilising HT. But I wouldn't go racing out turning
> off HT on all your machines tonight.
> 
> Instead I'd be more concerned about this exploit recently released -
> http://www.isec.pl/vulnerabilities05.html
> 
> Bernard.

Besides, it only really affects multi-user systems. I don't think
I've ever seen anyone use an HT-enabled processor in a server.
Certainly I've never seen IBM or HP sell one as a solution.

-- 
Ubuntu Hoary 5.04 
Our OS who art in CPU, LINUX be thy name. Thy programs run, thy
syscalls done, In kernel as it is in user!
http://www.modmeup.net


