Intel hardware bug
Cameron, Frank J
cameron at ctc.com
Fri Jan 5 20:32:49 UTC 2018
Andrew Duane wrote:
> I wouldn't think Javascript would have the accurate timing required to
> leverage this attack, but I don't really know enough about the language.
"The performance.now() method returns a DOMHighResTimeStamp, measured
in milliseconds, accurate to five thousandths of a millisecond (5
microseconds)."
https://developer.mozilla.org/en-US/docs/Web/API/Performance/now
"We implemented a clock with a parallel counting thread using the
SharedArrayBuffer. ... The resulting resolution is close to the resolution
of the native timestamp counter. On our Intel Core i5 test machine, we
achieve a resolution of up to 2ns using the shared array buffer. This
is equivalent to a resolution of only 4 CPU cycles, which is 3 orders
of magnitude better than the timestamp provided by performance.now."
https://gruss.cc/files/fantastictimers.pdf
-----------------------------------------------------------------
This message and any files transmitted within are intended
solely for the addressee or its representative and may contain
company proprietary information. If you are not the intended
recipient, notify the sender immediately and delete this
message. Publication, reproduction, forwarding, or content
disclosure is prohibited without the consent of the original
sender and may be unlawful.
Concurrent Technologies Corporation and its Affiliates.
www.ctc.com 1-800-282-4392
-----------------------------------------------------------------
More information about the freebsd-security
mailing list