From owner-freebsd-security@freebsd.org Fri Jan 5 20:32:49 2018 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 156DCEBEF7E for ; Fri, 5 Jan 2018 20:32:49 +0000 (UTC) (envelope-from cameron@ctc.com) Received: from pm4.ctc.com (pm4.ctc.com [147.160.99.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "pm4.ctc.com", Issuer "RapidSSL SHA256 CA - G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D19547CF92 for ; Fri, 5 Jan 2018 20:32:48 +0000 (UTC) (envelope-from cameron@ctc.com) Received: from pps.filterd (pm4.ctc.com [127.0.0.1]) by pm4.ctc.com (8.16.0.21/8.16.0.21) with SMTP id w05KTfSf004990; Fri, 5 Jan 2018 15:32:45 -0500 Received: from server3a.ctc.com ([10.160.17.12]) by pm4.ctc.com with ESMTP id 2f64w2kpaw-1 (version=TLSv1 cipher=AES256-SHA bits=256 verify=NO); Fri, 05 Jan 2018 15:32:45 -0500 Received: from linux116.ctc.com (linux116.ctc.com [10.160.39.116]) by server3a.ctc.com (8.14.4/8.14.4) with ESMTP id w05KWjhV026587; Fri, 5 Jan 2018 15:32:45 -0500 Received: from linux116.ctc.com (localhost [127.0.0.1]) by linux116.ctc.com (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id w05KWi19028081; Fri, 5 Jan 2018 15:32:44 -0500 Received: (from cameron@localhost) by linux116.ctc.com (8.14.4/8.14.4/Submit) id w05KWikc028080; Fri, 5 Jan 2018 15:32:44 -0500 Date: Fri, 5 Jan 2018 15:32:44 -0500 From: "Cameron, Frank J" To: Andrew Duane Cc: freebsd-security@freebsd.org Subject: Re: Intel hardware bug Message-ID: <20180105203244.GH11964@linux116.ctc.com> References: <736a2b77-d4a0-b03f-8a6b-6a717f5744d4@metricspace.net> <2594.1515141192@segfault.tristatelogic.com> <809675000.867372.1515146821354@mail.yahoo.com> <250f3a77-822b-fba5-dcd7-758dfec94554@metricspace.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Jan 2018 20:32:49 -0000 Andrew Duane wrote: > I wouldn't think Javascript would have the accurate timing required to > leverage this attack, but I don't really know enough about the language. "The performance.now() method returns a DOMHighResTimeStamp, measured in milliseconds, accurate to five thousandths of a millisecond (5 microseconds)." https://developer.mozilla.org/en-US/docs/Web/API/Performance/now "We implemented a clock with a parallel counting thread using the SharedArrayBuffer. ... The resulting resolution is close to the resolution of the native timestamp counter. On our Intel Core i5 test machine, we achieve a resolution of up to 2ns using the shared array buffer. This is equivalent to a resolution of only 4 CPU cycles, which is 3 orders of magnitude better than the timestamp provided by performance.now." https://gruss.cc/files/fantastictimers.pdf ----------------------------------------------------------------- This message and any files transmitted within are intended solely for the addressee or its representative and may contain company proprietary information. If you are not the intended recipient, notify the sender immediately and delete this message. Publication, reproduction, forwarding, or content disclosure is prohibited without the consent of the original sender and may be unlawful. Concurrent Technologies Corporation and its Affiliates. www.ctc.com 1-800-282-4392 -----------------------------------------------------------------