• 0 Posts
  • 28 Comments
Joined 1 year ago
cake
Cake day: June 19th, 2023

help-circle





  • I think the biggest problem is that ai for now is not an exact tool that gets everything right. Because that’s just not what it is built to do. Which goes against much of the philosophy of most tools you’d find on your Linux PC.

    Secondly: Many people who choose Linux or other foss operating system do so, at least partially, to stay in control over their system which includes knowing why stuff happens and being able to fix stuff. Again that is just not what AI can currently deliver and it’s unlikely it will ever do that.

    So I see why people just choose to ignore the whole thing all together.















  • So the attack is (very basically, if I understand correctly)

    Setup:

    • I control at least one process on the machine I am targeting another process on
    • I can send data to the target process and the process will decrypt that

    Attack:

    • I send data that in some intermediate state of decryption will look like a pointer
    • This “pointer” contains some information about the secret key I am trying to steal
    • The prefetcher does it’s thing loading the data “pointed to” in the cache
    • I can observe via a cache side channel what the prefetcher did, giving me this “pointer” containing information about the secret key
    • Repeat until I have gathered enough information about the secret key

    Is this somewhat correct? Those speculative execution vulnerabilities always make my brain hurt a little