| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 22 Aug 2009 14:22:52 -0300 From: Henrique de Moraes Holschuh <hmh@....eng.br> To: Pavel Machek <pavel@....cz> Cc: Theodore Tso <tytso@....edu>, David Wagner <daw-news@...berkeley.edu>, linux-kernel@...r.kernel.org Subject: Re: Security: information leaks in /proc enable keystroke recovery On Fri, 21 Aug 2009, Pavel Machek wrote: > /proc/interrupts ? various interfaces powertop uses? > > I did not have chance to read the paper yet, but... does not ssh have > bad problem in that case? I am told that SSH tries it best to take constant time for everything that is even remotely sensitive (or at least, it should)... but it, as well as openssl, gpg, gnutls and libc for that matter, can't really protect themselves from sidechannels and information leaks that show up when one abuses other CPUs (especially if SMT is operational) to gather behaviour data of the other tasks/processes/threads in the system, or when one gets to watch the cache misses, CPU pipeline stalls, etc. I would also expect that *any* timing-related, power-related or cache-/brach-prediction-/pipeline-stall-/CPU-behaviour- related high- and medium-precision statistic to be viable side-channels to leak data. These things are way too subtle to play the "prove it to me then" crap: it often takes a stroke of geniality on top of extreme skill to find, let alone exploit them. Therefore, it is really difficult to say "they don't exist". IMO, it is too hard a problem to try to close for real, but we really should try to have all our crypto be constant-everything as much as we can (constant CPU effort, constant timing, constant memory pattern access), and to clamp the precision of measurements sent to userspace to the strictly needed for them to be useful for system administration, unless the kernel was compiled to expose high-precision statistics for development work. -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists