2022.06.15 23:42:36 (1537188851440943105) from Daniel J. Bernstein, replying to "Tom (@TomInfosec)" (1537017396271235074):
This particular attack demo succeeded with toy models and toy signal processing, so I'd expect state-of-the-art models and state-of-the-art signal processing to extract secrets from many more programs, _except_ when users protect themselves by setting constant CPU frequencies.
2022.06.15 08:10:26 (1536954264953573376) from Daniel J. Bernstein:
As someone who happily runs servers and laptops at constant clock frequencies (see https://bench.cr.yp.to/supercop.html for Linux advice) rather than heat-the-hardware random frequencies, I dispute the claim in https://www.hertzbleed.com that this has an "extreme system-wide performance impact".
2022.06.15 12:21:18 (1537017396271235074) from "Tom (@TomInfosec)":
Aside from the mitigations, what’s your opinion on the possible impact this vulnerability could have? The claims on their website seem somewhat overstated after reading through the paper.