2022.08.30 03:35:55 (1564426658009862144) from Daniel J. Bernstein, replying to "Dominic White β (@singe)" = "Dominic White ππ (@singe)" (1564094155055407112):
Some combination of hammer detection and ECC _might_ work, but this is awfully difficult to evaluate, and papers keep showing attacks. It's much more convincing (and seems implementable: see ZebRAM etc.) to keep a physical moat, at least 1 row, between different security domains.
2022.08.28 08:33:42 (1563776820364734464) from Daniel J. Bernstein:
Bits in DRAM sometimes flip. Typical servers have SECDED ECC DRAM to protect against this, but typical desktops/laptops/smartphones don't. Have released a "libsecded" micro-library with secded_encode() to protect an array and secded_decode() to recover it: https://pqsrc.cr.yp.to/downloads.html
2022.08.28 10:13:01 (1563801814323138560) from "Dominic White β (@singe)" = "Dominic White ππ (@singe)":
How difficult/costly would it be to increase the checks to three bits to handle ECCPLOIT row hammer variants? https://www.vusec.net/projects/eccploit/
2022.08.29 03:49:02 (1564067569291517952) from Daniel J. Bernstein, replying to "Dominic White β (@singe)" = "Dominic White ππ (@singe)" (1563801814323138560):
The portable code in libsecded is roughly 1 cycle/byte on current Intel CPUs (depending on array size), which is the sort of cost most applications don't notice even if it's applied to all data. Certainly interesting to try larger-distance codes. But need isolation vs Rowhammer.
2022.08.29 05:34:40 (1564094155055407112) from "Dominic White β (@singe)" = "Dominic White ππ (@singe)":
Thank you. What did you mean by βneed isolation vs Rowhammerβ?