Hacker Read

foobarian · 2020-02-04 23:18:23+00:00

That's what I mean by more touchy. I think you also can't do this without messing with system integrity protection. And, "1" is the lowest it can go which is not that low IMO. :)

michaericalribo | karma 1115 | avg karma 4.08 · | 2021-02-04 16:49:55+00:00

That’s not every minor bump, though, and is worth the extra effort!

Also, my use case is 100% non critical from a security standpoint, so I can afford to be careless... your point definitely stands in sensitive environments

reply

sliverstorm | karma 24708 | avg karma 2.23 · | 2011-12-18 21:13:26+00:00

I would guess the concerns are less about corrupting results, and more about leakage power and switching speed. If you have a very leaky pulldown, switching to "1" is going to be slower.

yardstick | karma 1922 | avg karma 2.23 · | 2021-03-13 03:07:32

Could use none. Low because if something changes elsewhere and we inadvertently start using RSA by accident, for example. But yeah if it’s not med/high it’s not necessary to fix. Maybe some mitigation where appropriate.

ihattendorf | karma 712 | avg karma 2.74 · | 2021-08-06 11:25:20

Careful with this, the increased resistance can damage systems that aren't designed for it.

dpedu | karma 1201 | avg karma 2.82 · | 2018-06-11 07:52:19+00:00

True, though it is much easier to damage a pin-based CPU in the first place.

pretendscholar | karma 770 | avg karma 2.28 · | 2024-06-05 19:35:03

They are in 0g environments presumably having 1-6th isn't as bad and there might be ways to prevent/mitigate those issues.

tptacek | karma 394296 | avg karma 6.04 · | 2022-09-29 13:52:05

As I understand it, generally the big issue between 25519 and things like 448 is that you want the security level of your curve to meet the security level of the rest of your system, or else the extra work you're doing in the rest of your system is for nothing.

5ilv3r | karma 698 | avg karma 1.85 · | 2016-06-02 22:23:32+00:00

Downgrading the component to before the introduction of the flaw would be safer by far.

mark-r | karma 5759 | avg karma 1.62 · | 2020-01-30 18:34:20+00:00

An SSD cell could actually be more susceptible, since it stores multiple bits by using multiple voltage thresholds - it takes much less perturbation to change the value. Cell size might make a big difference though, and I don't know how those compare.

eksith | karma 5196 | avg karma 3.31 · | 2013-05-26 04:00:46+00:00

Yes, every particle crossing the copper can create an anomalous signal that can switch a 0 to 1 or visa versa. If you have enough of those, the program(s) will eventually crash. On the processors themselves the L1/L2 caches are vulnerable, but beyond that, the ROM could also get corrupted making hard resets impossible even after a crash.

Fiber optic cables aren't immune to this either : http://misspiggy.gsfc.nasa.gov/tva/meldoc/cabass/rad.htm

reply

nickik | karma 5493 | avg karma 1.17 · | 2012-01-30 22:55:41+00:00

You too might be intressted in the link I posted above. Its about building safe hardware (and software), but I don't think its completly safe to anykind of random bit-flips.

dmitrygr | karma 11233 | avg karma 3.24 · | 2016-06-22 19:54:15+00:00

That's actually pretty cool! But really same mitigation should just happen on the normal syscall path for an even smaller perf impact.

modeless | karma 36822 | avg karma 6.69 · | 2018-05-30 23:09:25+00:00

I'm talking about a hardware mitigation that would allow software isolation to work again, without disabling speculation.

chrisseaton | karma 36438 | avg karma 2.64 · | 2022-10-19 03:49:57

No the other way around - easily emittable, letting the backend in turn do the heavy lifting to lower it.

tomcam | karma 20387 | avg karma 2.53 · | 2020-09-02 21:04:50+00:00

Reread this amazing answer a few more times. Humbling. Also just concluded that I literally know only enough about hardware to be dangerous. Thanks once more.

dimino | karma 382 | avg karma 0.5 · | 2016-06-02 22:34:51+00:00

That is an interesting idea, and on first blush I do think it'd be safer, but it does rely on figuring out exactly when the flaw was introduced, and will result in the "YoYoing" of features, which is confusing from a consumer standpoint.

fixermark | karma 5217 | avg karma 2.47 · | 2015-09-21 18:08:58+00:00

> But is "harder" and "slower" better? Or it just gives humans more time to correct errors?

For risk mitigation, these are somewhat equivalent. There's a reason critical switches get molly-guarded.

reply

RantyDave | karma 1055 | avg karma 1.83 · | 2019-07-08 11:29:50

Regarding [1], I think there's pain to be had with memory barriers and such like unless one is very careful. In short, they're expensive.

escape_goat | karma 1285 | avg karma 3.58 · | 2015-12-21 05:59:00+00:00

That's a system that would still be entirely vulnerable to collision attacks, though, right?