Originally posted by discordian
View Post
Announcement
Collapse
No announcement yet.
RdRand Performance As Bad As ~3% Original Speed With CrossTalk/SRBDS Mitigation
Collapse
X
-
Originally posted by Imout0 View PostWhere is Birdie to defend poor Intel?
- Likes 1
Comment
-
Originally posted by numacross View Post
ARM is not immune to those issues either and had a new speculative execution vulnerability disclosed yesterday (whitepaper).
- Likes 2
Comment
-
Originally posted by smotad View PostIs this used in SSL / TLS?
If it is, the impact in web services will be huge.
The Linux kernel for examples samples the timing of random events, such as key-presses, interrupt timings, CPU clock jitter etc to generate the random pool used for /dev/(u)random. Though I believe that if a hardware random number generator such as RDRAND is available, the kernel can take advantage of it in addition to other sources of randomness.
It appears the effect will be much larger on SGX enclaves, as there is no other good source of randomness available inside those. And you wouldn't want to feed randomness in from an external source that the code outside the enclave could observe. I don't expect most end users will care about the SGX use case though.
- Likes 3
Comment
-
The mitigation for this makes RDRAND slower and makes it so you can only call it from one core at a time, so any benchmark that just calls RDRAND repeatedly on multiple threads is going to get crucified. That's not a realistic scenario though, even for encryption workloads or whatever RDRAND is going to be <0.01% of instructions.
Comment
-
Originally posted by Vorpal View Post
It can be used for that. There are other ways to generate cryptographically strong (pseudo)random numbers. After all, we managed just fine before RDRAND was introduced.
The Linux kernel for examples samples the timing of random events, such as key-presses, interrupt timings, CPU clock jitter etc to generate the random pool used for /dev/(u)random. Though I believe that if a hardware random number generator such as RDRAND is available, the kernel can take advantage of it in addition to other sources of randomness.
It appears the effect will be much larger on SGX enclaves, as there is no other good source of randomness available inside those. And you wouldn't want to feed randomness in from an external source that the code outside the enclave could observe. I don't expect most end users will care about the SGX use case though.
Comment
-
Originally posted by smotad View PostIs this used in SSL / TLS?
If it is, the impact in web services will be huge.
Comment
Comment