Apple Silicon Vulnerability

[Hammarby]

Fresco fresco l'annuncio di una vulnerabilità seria in tutti i chip della serie M.
Come spiega in dettaglio l'articolo, la soluzione software penalizza fortemente la velocità

https://arstechnica.com/security/2024/0 ... mac-chips/

Dall'articolo

The attack works against both classical encryption algorithms and a newer generation of encryption that has been hardened to withstand anticipated attacks from quantum computers. The GoFetch app requires less than an hour to extract a 2048-bit RSA key and a little over two hours to extract a 2048-bit Diffie-Hellman key. The attack takes 54 minutes to extract the material required to assemble a Kyber-512 key and about 10 hours for a Dilithium-2 key, not counting offline time needed to process the raw data.

E inoltre

Like other microarchitectural CPU side channels, the one that makes GoFetch possible can’t be patched in the silicon. Instead, responsibility for mitigating the harmful effects of the vulnerability falls on the people developing code for Apple hardware. For developers of cryptographic software running on M1 and M2 processors, this means that in addition to constant-time programming, they will have to employ other defenses, almost all of which come with significant performance penalties.

[andrea_mac]

ahpperò!

[fragrua]

Non male stavolta. Per fortuna all'utente medio finale poco importa, ma questo deve farci riflettere sul DOVE custodire i nostri file "preziosi".

Off-line e al chiuso!

[fenix]

se diventa critico e ritirano i Mac a me va piu che bene me ne danno uno avanzato ho l'applecare

[fragrua]

se diventa critico e ritirano i Mac a me va piu che bene me ne danno uno avanzato ho l'applecare

Questo sogno fantastico non poteva generarlo nemmeno l'a.i. più bacata.

[andrea_mac]

questo deve farci riflettere sul DOVE custodire i nostri file "preziosi"

Ecco, appunto!

[Hammarby]

Anche Tom ne parla, con un articolo più leggibile

https://www.tomshardware.com/pc-compone ... n-hardware

The interesting tidbit is that Intel's Raptor Lake CPU architecture (which includes both 13th and 14th Gen CPUs) doesn't have this vulnerability despite sharing the same prefetcher as Apple's M series chips. We don't know why this is the case, but it demonstrates that this vulnerability can be patched in silicon.
However, this will only occur in future Apple M series architectures (i.e. M4) when Apple's engineers have time to re-design its CPU architecture to account for the recently discovered vulnerabilities.

[Alberto.G]

Anche HDblog.it ha dato notizia della nuova vulnerabilità, denominata "GoFetch", che colpisce i Mac dotati di chip della serie M di Apple:

https://www.hdblog.it/portatili/articol ... ilita-mac/