Subject: Re: working around that hyperthreading timing attack?
To: Hubert Feyrer <hubert@feyrer.de>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-security
Date: 05/24/2005 19:38:26
In message <Pine.GSO.4.61.0505242306040.1221@rfhpc8317>, Hubert Feyrer writes:
>
>According to [1], ``FreeBSD, NetBSD and SCO have all issued workarounds 
>for the flaw.'' (where "the flaw" is the timing problems described the 
>past few days.
>
>My question is, can someone remind me what code was affected for this, 
>maybe an URL to a source-changes mail?
>

The "fix" is to turn off hyperthreading -- on FreeBSD, that can be done 
after booting.  The crypto theory folk are still working on a real fix.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb