Date: Fri, 5 Jan 2018 15:32:44 -0500 From: "Cameron, Frank J" <cameron@ctc.com> To: Andrew Duane <aduane@juniper.net> Cc: freebsd-security@freebsd.org Subject: Re: Intel hardware bug Message-ID: <20180105203244.GH11964@linux116.ctc.com> In-Reply-To: <SN1PR0501MB2125B36067CD93A5B95AC74DCE1C0@SN1PR0501MB2125.namprd05.prod.outlook.com> References: <736a2b77-d4a0-b03f-8a6b-6a717f5744d4@metricspace.net> <2594.1515141192@segfault.tristatelogic.com> <809675000.867372.1515146821354@mail.yahoo.com> <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net> <SN1PR0501MB2125B36067CD93A5B95AC74DCE1C0@SN1PR0501MB2125.namprd05.prod.outlook.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Andrew Duane wrote: > I wouldn't think Javascript would have the accurate timing required to > leverage this attack, but I don't really know enough about the language. "The performance.now() method returns a DOMHighResTimeStamp, measured in milliseconds, accurate to five thousandths of a millisecond (5 microseconds)." https://developer.mozilla.org/en-US/docs/Web/API/Performance/now "We implemented a clock with a parallel counting thread using the SharedArrayBuffer. ... The resulting resolution is close to the resolution of the native timestamp counter. On our Intel Core i5 test machine, we achieve a resolution of up to 2ns using the shared array buffer. This is equivalent to a resolution of only 4 CPU cycles, which is 3 orders of magnitude better than the timestamp provided by performance.now." https://gruss.cc/files/fantastictimers.pdf ----------------------------------------------------------------- This message and any files transmitted within are intended solely for the addressee or its representative and may contain company proprietary information. If you are not the intended recipient, notify the sender immediately and delete this message. Publication, reproduction, forwarding, or content disclosure is prohibited without the consent of the original sender and may be unlawful. Concurrent Technologies Corporation and its Affiliates. www.ctc.com 1-800-282-4392 -----------------------------------------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20180105203244.GH11964>