“Storing zero is consistently about 17% to 18% faster than storing one, both in the region covered by the L3 (up to 6 MiB on my system), and beyond that where we expect misses to RAM...” Uh...https://twitter.com/justincormack/status/1260899139166011392 …
-
-
Replying to @BRIAN_____
To be fair this applies only to full 64-byte zeros.
1 reply 0 retweets 2 likes -
Replying to @real_or_random @BRIAN_____
And yet timing attacks will exist. Waiting for a combination of Genkin
@yuvalyarom@eyalr0 Brumely and the "usual lot" to show the exact details1 reply 0 retweets 0 likes -
Replying to @CryptoOrrDun @BRIAN_____ and
I wouldn't bet on the fact that you can make timing attacks work. I wouldn't bet on the opposite either.
2 replies 0 retweets 2 likes -
Replying to @real_or_random @BRIAN_____ and
Famous Last Words - this has a small chance of generating a side channel.
1 reply 0 retweets 2 likes -
Replying to @CryptoOrrDun @BRIAN_____ and
I guess if you have an encryption algorithm that takes 64 byte messages, copies them in memory and in the end clears out the copy by overwriting with zeros, then you could be able to determine whether the message is 0...0 or not.
3 replies 0 retweets 2 likes -
Replying to @real_or_random @CryptoOrrDun and
It doesn’t need to be 64 byte messages. Imagine a N byte secret plaintext written to a larger buffer (often cache-line-aligned) with all contents zero before, and/or which is zeroed after. You could in theory now test that some (sub)sequence(s) of this plaintext are all zero.
2 replies 0 retweets 1 like
You could also use it to measure the amount of padding if the padding is all-zeroes (as TLS1.3's is). But I suspect that's already leaked in practice by the time to copy the non-padding bytes into application space.
-
-
Replying to @colmmacc @BRIAN_____ and
I'd be more worried about differential techniques against asymmetric algorithms, where one could explore inputs that generate outputs or intermediate values with runs of zeroes and that may leak information about the key.
0 replies 0 retweets 3 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.