[Cryptography] Buffer Overflows & Spectre

Henry Baker hbaker1 at pipeline.com
Wed Nov 21 11:31:13 EST 2018 

At 09:03 PM 11/20/2018, Peter Gutmann wrote:
>Jon Callas <jon at callas.org> writes:
>>On top of this, there’s no easy way to fix pipelining to make this go away.
>
>"Don't allow malicious, attacker-controlled code to run on the same CPU/CPU cluster as your precious secret-containing code" would be a good start.
>
>Maybe CPU vendors could break their existing products into two distinct lines, one for people who think that sharing their CPU with code from pavel at virusbucket.ru is a good idea (speculation disabled) and one for people who don't (normal operation).

I wish it were that easy.

Here's another analogy.

It's the Middle Ages, and I've got a magnificent castle with thick walls and a deep, wide moat.  Cannons haven't been perfected yet, so I'm smug as a bug in my impregnable castle.

But wait, there's more!

I provide areas beyond my moat where all comers can camp for free as long as they wish.  Even better, I supply fresh water and free food for all.  I also provide all kinds of resources -- building materials, workshops, steel foundaries, chemicals -- again, all for free.

My largesse has not gone unnoticed, and tens of thousands of people come from far and wide to camp out in these areas surrounding my castle.  At first, they're annoying, but relatively harmless.  They make loud music at night and their campfires foul the air during the day.  But word of my charity continues to spread, and people from kingdoms thousands of miles away begin to arrive.  These are more sophisticated people, and they utilize my own workshops and my own resources to build *bridges* and *siege towers* and *catapults*.

One day, I wake up to find that these siege towers have crossed these bridges and these catapults are systematically destroying my thick walls.  My own foundaries have provided hammers and chisels to chip away at the cement holding my own walls together.

I send messengers to my own local kingdom asking for immediate aid to stop the imminent takeover of my castle.  Not only does my government not help, it sends out bureaucrats to check my walls and moats to make sure that the moats are not too deep or too wide, and that my walls are not too thick nor the cement too strong.  Because my own government is more afraid of me than the now 100,000 foreigners camped out in front of my castle and actively attacking it.

----
Shift forward 1000 years.  The moats and castle walls are 20 nanometers in dimension; the resources are electricity, CPU cycles, compilers, databases, networks, etc.  I provide Javascript, CPU cycles, RAM storage, and high speed network access to all comers, for free.  These invited guests can do Bitcoin mining, brute force -- or not so brute force -- password guessing, hammer at the rows of stones in my castle walls, and even utilize my resources to attack neighboring castles.

My ancestors are spinning in their graves over my naivete: "Those who cannot remember the past are condemned to repeat it".  [Santayana's version of diagonalizing space.]

I'm an idiot, but an extremely useful idiot.

More information about the cryptography mailing list