This is awesome research, but don't panic. ;] SMT isn't evil here... Fundamentally, secret-dependent control flow has been specifically discouraged and avoided in "constant-time" crypto code for a while now. Upgrade your crypto libraries! The crypto community is really on this.https://twitter.com/CesarPereidaG/status/1058296725419507712 …
SMT is definitely evil here. Constant time may work for crypto, but it does not work for computing in general. Sure, crypto keys are high value and deserve extra protection... but that just means SMT will leak everything except your crypto keys.
-
-
If that is your concern, this is still just a drop in the bucket IMO. There are many, many side channels. But leaking data through side channels from one process to another is far from easy (even on a shared phys core, regardless of channel)... Not much worth it beyond key data.
-
Also, unless you're using VMs, truly malicious code on your physical core is .... a much bigger problem. And if you *are* using VMs, all the major cloud vendors have already isolated your core. All the non cloud VM stacks are on it too. L1TF makes this risk look tiny.
- Show replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.