The cr.yp.to microblog: 2022.08.30 03:35:55

2022.08.30 03:35:55 (1564426658009862144) from Daniel J. Bernstein, replying to "Dominic White ❌ (@singe)" = "Dominic White 🎄🎅 (@singe)" (1564094155055407112):

Some combination of hammer detection and ECC _might_ work, but this is awfully difficult to evaluate, and papers keep showing attacks. It's much more convincing (and seems implementable: see ZebRAM etc.) to keep a physical moat, at least 1 row, between different security domains.

Context

2022.08.28 08:33:42 (1563776820364734464) from Daniel J. Bernstein:

Bits in DRAM sometimes flip. Typical servers have SECDED ECC DRAM to protect against this, but typical desktops/laptops/smartphones don't. Have released a "libsecded" micro-library with secded_encode() to protect an array and secded_decode() to recover it: https://pqsrc.cr.yp.to/downloads.html

2022.08.28 10:13:01 (1563801814323138560) from "Dominic White ❌ (@singe)" = "Dominic White 🎄🎅 (@singe)":

How difficult/costly would it be to increase the checks to three bits to handle ECCPLOIT row hammer variants? https://www.vusec.net/projects/eccploit/

2022.08.29 03:49:02 (1564067569291517952) from Daniel J. Bernstein, replying to "Dominic White ❌ (@singe)" = "Dominic White 🎄🎅 (@singe)" (1563801814323138560):

The portable code in libsecded is roughly 1 cycle/byte on current Intel CPUs (depending on array size), which is the sort of cost most applications don't notice even if it's applied to all data. Certainly interesting to try larger-distance codes. But need isolation vs Rowhammer.

2022.08.29 05:34:40 (1564094155055407112) from "Dominic White ❌ (@singe)" = "Dominic White 🎄🎅 (@singe)":

Thank you. What did you mean by “need isolation vs Rowhammer”?