Hacker News new | ask | show | jobs
by avianes 1472 days ago
I do not understand how you want to mitigate this issue by using the "context" given that the attack demonstration is done with a source code that makes use of the "context". The attack is fully context-agnostic since the "PACMAN gadget" in victim's code is injecting the "context" by itself.

The root of the problem is the small hash size and the fact that you can "suppress" failed hash check effects to bruteforce the hash. (it's expected that a failed hash check will cause a crash, which was intended to prevent bruteforcing)
1 comments
salawat 1470 days ago
Speculative exec ruins everything again.

I get the performance gainz, but when are we going to get past the formal fallacy that executing any instruction we don't need to based on actual flow is de facto a complete violation of user expectations and therefore completely unsafe to do.

Like every lay person I explain speculative execution seems to be able to recognize that a pipeline stall to figure out what a value actually is just the way to go.

Hell, my personal sanity check with computing is that there must exist a humans only implementation that correlates to a good computing primitive.

Nowhere on Earth, will you find an organization that will execute both sides of a conditional process requiring hunans to do the work just to throw away the result. Not taken.

Oh wait... Finance does it with Hedges...

Frigging finance. Ruins everything for everyone.

link
avianes 1469 days ago
> Nowhere on Earth, will you find an organization that will execute both sides of a conditional process requiring hunans to do the work just to throw away the result. Not taken.

Speculative execution today (within modern high-end processor) does not execute both sides of a conditional branch.

It would indeed be a waste of power and it would be a much more complex micro-architecture.

Modern speculative OoO processors execute a single path and simply relies on the branch predictor accuracy. And they are pretty accurate, on the order of 3 misspredictions every 1000 instructions. The power consumption in unnecessary work due to a missprediction is quite low.

Modern processors consume much of their power in Out-of-Order instruction scheduling.

link
salawat 1468 days ago
Looks like I need to go through Patterson and Hennessy again.

As I was fairly sure that as many computations were done as possible in the same cycle with the ditching of "not the case" results on subbsequent cycles, but I'll be the first to admit I haven't synced on the bleeding edge lit recently. And sipping power has become much more of a concern in recent years, do I may be due for a refresh anyway.

My favorite past time if the statistics are to be believed.

link