- Joined
- Jun 10, 2014
- Messages
- 2,995 (0.78/day)
Processor | AMD Ryzen 9 5900X ||| Intel Core i7-3930K |
---|---|
Motherboard | ASUS ProArt B550-CREATOR ||| Asus P9X79 WS |
Cooling | Noctua NH-U14S ||| Be Quiet Pure Rock |
Memory | Crucial 2 x 16 GB 3200 MHz ||| Corsair 8 x 8 GB 1333 MHz |
Video Card(s) | MSI GTX 1060 3GB ||| MSI GTX 680 4GB |
Storage | Samsung 970 PRO 512 GB + 1 TB ||| Intel 545s 512 GB + 256 GB |
Display(s) | Asus ROG Swift PG278QR 27" ||| Eizo EV2416W 24" |
Case | Fractal Design Define 7 XL x 2 |
Audio Device(s) | Cambridge Audio DacMagic Plus |
Power Supply | Seasonic Focus PX-850 x 2 |
Mouse | Razer Abyssus |
Keyboard | CM Storm QuickFire XT |
Software | Ubuntu |
The problem here is many people automatically conclude that since there is a leak of information, that information can be sensitive, and then jump to the worst case example of sensitive data, forgetting if that kind of data can be stored there in the first place. And you're right, encryption keys will not be stored in the FPU state register.Quick question. Why the hell is an encryption key stored in a FP register? You need exact math for crypto which usually means integer/fixed point.
<snip>
Note how neither of those links say anything about leaking encryption keys but rather just exposing FP register state. Is it a possible vulnerability, yes. Is it going to leak encryption keys? Probably not.
As mentioned in the Red Hat source, these leaks can be used for one process to make assumption of the state of execution of another process. So it wouldn't leak actual sensitive data, but leak context. This sounds like an extreme edge case, but we'll see if they eventually find more "related" bugs that are actually serious. For a data leakage from a CPU to be useful, you would have to be able to target reading of specific memory addresses or similar, so you can slowly assemble sections of memory. If the data leaked is either uncontrollable or just general state information, then it's useless by itself, and probably in a larger context too.
Let me give another example of similar incorrect assumptions. Quite often we hear of new bugs in software where an attacker can cause a buffer overflow. Since a buffer overflow in theory can lead to arbitrary code execution, people usually automatically consider the bug serious and tell everyone to patch it immediately. In reality, "all" modern PCs have execute bit protection enabled which would stop any such exploit. But since there are still systems out there that may be vulnerable, this is automatically assumed critical, even though it's mostly limited to enterprise embedded systems, routers, legacy systems(>15 years). This very important distinction is almost always lost in the articles about the exploits.
It's fairly common that one new bug gives researches ideas for new approaches of testing, and if a bug is due to incorrect assumptions, you can probably find more "related" problems. If you remember the software bug "Heartbleed", in the hysteria that followed, researchers found at least another 10 serious bugs. And people finding real bugs is a good thing.So, it looks like Spectre/Meltdown researchers opened up a massive can of worms. I hope both vendors take security more seriously in the future ...