The microblog: 2022.06.15 23:42:36

2022.06.15 23:42:36 (1537188851440943105) from Daniel J. Bernstein, replying to "Tom (@TomInfosec)" (1537017396271235074):

This particular attack demo succeeded with toy models and toy signal processing, so I'd expect state-of-the-art models and state-of-the-art signal processing to extract secrets from many more programs, _except_ when users protect themselves by setting constant CPU frequencies.


2022.06.15 08:10:26 (1536954264953573376) from Daniel J. Bernstein:

As someone who happily runs servers and laptops at constant clock frequencies (see for Linux advice) rather than heat-the-hardware random frequencies, I dispute the claim in that this has an "extreme system-wide performance impact".

2022.06.15 12:21:18 (1537017396271235074) from "Tom (@TomInfosec)":

Aside from the mitigations, what’s your opinion on the possible impact this vulnerability could have? The claims on their website seem somewhat overstated after reading through the paper.