From: Timothy Miller <miller@techsource.com>
To: Ingo Molnar <mingo@elte.hu>
Cc: "David S. Miller" <davem@redhat.com>,
Scott A Crosby <scrosby@cs.rice.edu>,
linux-kernel@vger.kernel.org
Subject: Re: Algoritmic Complexity Attacks and 2.4.20 the dcache code
Date: Fri, 30 May 2003 14:16:09 -0400 [thread overview]
Message-ID: <3ED79FE9.7090405@techsource.com> (raw)
In-Reply-To: Pine.LNX.4.44.0305300627140.4176-100000@localhost.localdomain
Ingo Molnar wrote:
> i'd suggest to use the jhash for the following additional kernel entities:
> pagecache hash, inode hash, vcache hash.
>
> the buffer-cache hash and the pidhash should be hard (impossible?) to
> attack locally.
>
Maybe this is what someone is saying, and I just missed it, but...
Coming late into this discussion (once again), I am making some
assumptions here. A while back, someone came up with a method for
breaking encryption (narrowing the brute force computations) by
determining how long it took a given host to compute encryption keys or
hashes or something.
If you have a situation where a lot of hashes are to be computed, and
you want to decouple the computation time from the response time, then
do this:
1) A kernel thread requests a hash to be computed. That hash is
computed and put into a queue. The kernel thread is put into the task
queue.
2) Other kernel threads do the same.
3) Threads get woken up only when their hash is pulled off the queue.
This way, the only added overhead is kernel context switch from one
thread to another. The algorithm doesn't waste CPU time trying to hide
the complexity of the computation, because the time between request and
receipt of a hash is dependent on whatever other random hashed are also
being computed. That is, receipt is much later than request, but you
haven't wasted time.
The only case where this doesn't deal with the problem in a low-cost way
is when the queue starts out empty when you make a request, and then
it's the only one on the queue when it's pulled off. In that case, you
do have to waste time. However, given that the kernel thread will go to
sleep anyhow, the time between sleeping and waking up is somewhat random
due to whatever other kernel and user threads might get executed in the
mean time.
In fact, one solution to this problem would be for the hash computing
function to just yield the CPU before or after the computation of the
hash. Even in a system with absolutely no other load, the fact that we
have to go into and out of the scheduler will add some randomness to the
computation time, perhaps.
Have I just completely left the topic here? :)
next prev parent reply other threads:[~2003-05-30 17:52 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-29 20:42 Algoritmic Complexity Attacks and 2.4.20 the dcache code Scott A Crosby
2003-05-30 3:57 ` David S. Miller
2003-05-30 4:29 ` Ingo Molnar
2003-05-30 18:16 ` Timothy Miller [this message]
2003-05-30 18:53 ` Scott A Crosby
2003-05-30 5:04 ` Scott A Crosby
2003-05-30 6:24 ` David S. Miller
2003-05-30 6:46 ` Scott A Crosby
2003-05-30 6:56 ` David S. Miller
2003-05-30 8:59 ` Alex Riesen
2003-05-30 9:00 ` David S. Miller
2003-05-30 15:05 ` Scott A Crosby
2003-05-31 6:18 ` David S. Miller
2003-05-31 8:02 ` Willy TARREAU
2003-05-31 8:12 ` David S. Miller
2003-05-31 8:56 ` Willy Tarreau
2003-05-31 8:58 ` David S. Miller
2003-05-31 8:58 ` David Schwartz
2003-05-31 9:01 ` David S. Miller
2003-05-31 6:30 ` William Lee Irwin III
2003-05-31 6:33 ` David S. Miller
2003-05-31 6:41 ` William Lee Irwin III
2003-05-31 6:45 ` David S. Miller
2003-05-31 18:40 ` Aaron Lehmann
2003-05-30 4:02 ` Ingo Molnar
2003-05-30 4:42 ` Scott A Crosby
2003-05-30 5:01 ` David S. Miller
2003-05-30 13:48 ` Nikita Danilov
2003-06-01 1:15 ` Daniel Phillips
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ED79FE9.7090405@techsource.com \
--to=miller@techsource.com \
--cc=davem@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=scrosby@cs.rice.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox