Sure. It's a timing based attack based on watching cache misses. If you have a Spy thread running on an HT processor that is also running OpenSSL for example, you can get a picture of the frequency of cache usage and from that reverse engineer the exponents and multipliers used in the RSA exponentiation. Note: You'd definitely need some cryptographic experience for this. From this, you can get about 310 bits of the 512 bit exponent and brute force the rest, which can be done in polynomial time.
The reason HT is vulnerable is because both threads share the cache and context switches can happen at any time. It could on normal non-HT procs too but the context switches are more likely to flush the cache or not happen as often.
I just watched his talk, and you are on the right track. Your workaround is one he suggested too. It's actually a timing based attack based on watching the cache misses in a spy thread to try and reverse the RSA public key. The interesting thing is this isn't Hyper-Threading only - it's possible on normal procs too that don't flush the cache between context switches. It's just that with HT context switches can be far more common.
This guy is a smart cookie. I just saw his talk. He doesn't come across as arrogant at all. I think his exploit is plausible. It's a timing attack but could allow you to discover a 1024-bit private key in under 5 mins or so if you know what you are doing.
I just saw the talk. Have you considered that he TOLD Intel about it months ago but they wouldn't listen/didn't care? It's not easy to get the ear of a big company when you have discovered a major flaw in their product.
A volume issue?? Apple, who ships thousands of Macs, can't get better volume pricing on RAM than a consumer, who buys one stick? I have trouble with that.
I have an ignorant question from someone who has never registered a domain before. I thought what you were paying for was for DNS service. You need to pay someone else to actually put it on the DNS server? What do you pay for with a domain "registration"?
Then I check slashdot. Great. Just frigging great.
Hmmm... here's an idea. You could stop complaining about finding out new information and having a choice in the matter. If you hadn't found out, you would have bought a current one, had the new one come out in a few weeks then have been outraged.
Part 1: If people had understood how patents would be granted when most of today's ideas were invented and had taken out patents, the industry would be at a complete standstill today
Part 2: The solution is patenting as much as we can.
That's a very odd, but very true non sequitur. Well, unless you want the industry to be at a complete standstill. Which I guess they do; they have everything to lose and nothing to gain.
Huh?? iPod and all other players are capable of playing [sic] the same formats? Really!! I thought it might have taken specific hardware/horsepower for certain codecs... i.e. Ogg, WMA, AAC. I don't know of any chipset that plays all of these nor any player that is using this chipset. The iPod and other players are different architectures as much as Xbox and PS2 are different architectures.
At least she's hot.
Correct, if by constituents you mean corporations and lobby groups with large bags of money. Like the MPAA.
hehehe. Nice.
Liger on Public Display in Siberian Zoo
Well, I believe that Automatic was the out-of-the-box setting; i.e. the setting that is being used by... maybe 80% of users?
It's hard to say it's getting worse since it's only one company that keeps blatantly offending.
Nice explanation, thanks.
Dang! Shocks.... pegs..... LUCKY!
Bow to your sensei. BOW TO YOUR SENSEI!!
Who will guard the guards?
No, I am definitely not this legislation.
Locate is far superior to both of them because you can't use either of them right now and this is all speculation.
I don't think it was implied that it would kill it globally.
Well, the Sonys do have displays. So I wouldn't say it's an exact price comparison.
Parse error at or near line 1: Expected ; found ||
do() || do_not(); // try();
Parse error at or near line 1: Expected ; found ||
What does that have to do with anything? Do those things use GPL code?