I didn't pull that number out of the air; I gave it a good 30 seconds of thought.
I arrived at it by:
* modding our bill rate up to that of a contractor who specializes in hardware crypto (we do not, but I know the bill rates of several people who do),
* guessing the amount of time it would take me to implement e.g. Aciicmez (something I can do reasonably because we did BTB timing for virtualized rootkit detection), and
* breaking it up into hours x bill rate.
If you can name 3 people who specialize in adversarial hardware crypto review†, then you know there are at least another 3 who will do grey-area projects of similar sophistication (say, for a company's competitor).
Can you name 3 hardware crypto testing specialist firms? I know there are other people on HN who can. Are you one of them?
† (I can: 83f633acea3a6ca594ea85ae552445369058ded1)
I asked more specific questions in my comment; you aren't answering them. The only important question: why are you so strident about x86 side channels being a non-issue?
Because I'd watch chip vendors not even figure out how to secure MSIs under their IOMMUs and question whether just-plain-old-software security was a reasonable expectation under virtualization. You on the other hand seem to think it's so solid that the microarchitecture doesn't cache crypto artifacts.