Date: Sat, 14 May 2005 11:56:30 +1000 From: "Drew B. [Security Expertise/Freelance Security research]." <d4rkstorm@gmail.com> To: das@freebsd.org Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-05:09.htt [REVISED] Message-ID: <245f0df105051318564b1ffb6b@mail.gmail.com> In-Reply-To: <63567.1116000902@critter.freebsd.dk> References: <20050513160714.GB32677@VARK.MIT.EDU> <63567.1116000902@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
So this sounds like trying to solve in the OS a problem that can only be solved in the application. Is there something more subtle that's going on? -> This is a strange but interesting problem, if indeed the SMT is not 'needed' , then perhaps there is something more malicious in the code, (Internally), wich may need more corrections and addressing directly,the FreeBSD team I am sure will know what todo,Im merely suggesting a method. I cannot see an immediate threat,but wouldnt looking into the source code abit more perhaps and see whats going on,and also perhaps some more specifics from that SunOS test would be useful,some info so that the actual multiple memory cache problem itself could be addressed on its own to begin with,localise the problem perhaps, then dissect? Anyhow just a suggestion, It is not really my area so i should poke my nose out now :) Regards, Drew B. On 5/14/05, Poul-Henning Kamp <phk@phk.freebsd.dk> wrote: > In message <20050513160714.GB32677@VARK.MIT.EDU>, David Schultz writes: >=20 > >But isn't this a well-known and fundamental problem with SMT? >=20 > Yes. >=20 > The news being only the speed: you can get 300 bits of the 512 bit > RSA key in a single observation of a single shot run of the crypto. >=20 > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk@FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetenc= e. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.or= g" >=20 --=20 -------------------------------------------------------------------- Drew B. Independant Security analysis,for Aussies. Security researcher/expert,threat-focus,Freelance.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?245f0df105051318564b1ffb6b>