[webkit-dev] Timing attacks on CSS Shaders (was Re: Security problems with CSS shaders)

Oliver Hunt oliver at apple.com
Thu Dec 8 13:28:39 PST 2011


On Dec 8, 2011, at 1:25 PM, Rik Cabanier wrote:

> This might no longer be true, but isn't it the case that shaders are designed to take the same amount of time to execute, no matter what input they get?
> i.e., if you have an if/else block, the time of the shader would be whatever block takes the longest. This was done so you can schedule many of them at the same time without having to worry about synchronizing them.
> 
> Rik

That was only true in the early days of GLSL, etc., when the hardware did not actually support branching. Now the hardware does support branching, so these timing attacks are relatively trivial (see http://www.contextis.co.uk/resources/blog/webgl/poc/index.html).

--Oliver


