[plug] "Hyper-Threading, suffers from a serious security flaw,"

Senectus . senectus at gmail.com
Sat May 14 22:30:56 WST 2005

On 5/14/05, Bernard Blackham <bernard at blackham.com.au> wrote:
> On Sat, May 14, 2005 at 02:01:28AM +0800, Open Source.Lives wrote:
> > Colin Percival, a FreeBSD committer and security team member, has
> > The aforementioned paper can be downloaded here in PDF format.
> http://www.daemonology.net/papers/htt.pdf for anybody interested.
> The attack itself is pretty mad - very academically interesting, but
> far from trivial to carry out in real world situations. It involves
> looking for time-based patterns during an RSA signing operation, to
> narrow the possibilities of what the encryption key is (the example
> given uses a 1024-bit key and narrows it to searching through 2^202
> possibilities).
> Yes it does affect every OS running on Intel HT machines (including
> Linux) that is utilising HT. But I wouldn't go racing out turning
> off HT on all your machines tonight.
> Instead I'd be more concerned about this exploit recently released -
> http://www.isec.pl/vulnerabilities05.html
> Bernard.
Besides, it only really affects multi-user systems. I don't think
I've ever seen anyone use an HT-enabled processor in a server.
Certainly I've never seen IBM or HP sell one as a solution.

Ubuntu Hoary 5.04 
Our OS who art in CPU, LINUX be thy name. Thy programs run, thy
syscalls done, In kernel as it is in user!
