From owner-cvs-all@FreeBSD.ORG Sun May 15 20:58:14 2005 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F062A16A4CE; Sun, 15 May 2005 20:58:13 +0000 (GMT) Received: from www.cryptography.com (li-22.members.linode.com [64.5.53.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8BBA143D55; Sun, 15 May 2005 20:58:13 +0000 (GMT) (envelope-from nate@root.org) Received: from [10.0.0.250] (adsl-64-171-184-162.dsl.snfc21.pacbell.net [64.171.184.162]) by www.cryptography.com (8.12.8/8.12.8) with ESMTP id j4FKwCLS028863 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 15 May 2005 13:58:12 -0700 Message-ID: <4287B7E2.8030507@root.org> Date: Sun, 15 May 2005 13:58:10 -0700 From: Nate Lawson User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Colin Percival References: <97079.1116154766@critter.freebsd.dk> <4287AD84.6070600@root.org> <4287B12C.9080903@freebsd.org> In-Reply-To: <4287B12C.9080903@freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit cc: Jacques Vidrine cc: cvs-src@freebsd.org cc: Poul-Henning Kamp cc: src-committers@freebsd.org cc: cvs-all@freebsd.org Subject: Re: cvs commit: src/sys/amd64/amd64 mp_machdep.csrc/sys/amd64/include cpufunc.h src/sys/i386/i386 mp_machdep.c src/sys/i386/include cpufunc.h X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 May 2005 20:58:14 -0000 Colin Percival wrote: > Nate Lawson wrote: >>Every general-purpose machine has measurable timing side channels. The >>question is merely one of bandwidth. > > Absolutely. Most covert channels operate at up to a few kbps; this covert > channel operates at several Mbps. > > The fact that this channel is many times faster than all the other channels > combined makes it not just quantitatively different but also qualitatively > different and deserving of more careful treatment. > > Colin Percival If it only requires 1024 bits to compromise a secret and you have two machines, one with a 1 Kbps channel and one with a 1 Mbps channel, which is secure? On the first machine, the attacker takes 1 second to compromise the entire secret and on the other, 1 millisecond. Depending on your application, both machines are likely insecure. But if the application is designed to resist timing attacks by completely updating the secret every 10 ms, it is secure only on the first machine. This is an oversimplified example but illustrates my point. I think it's fine that we've added a knob to disable hyperthreading. However, since there may be no security gain for any given application, it's unclear that it should be disabled by default. When setting up a multi-user/multi-privilege system, many admins enable jail but we don't ship with the base system set up that way by default. -- Nate