Then who if not Matasano can perform such an attack for $500,000?
Let's say I'm in the market and this particular web site annoys me and it is hosted on EC2. I want to compromise that web site's crypto from a neighboring domU and my budget is $500,000.
You are saying I can contract with someone at that rate and it will get done? How long does that security company take to deliver? With your breadth of security experience and your claim that it's a $500,000-contract job surely you must know who will write that contract otherwise you wouldn't have said such a thing, right?
I didn't pull that number out of the air; I gave it a good 30 seconds of thought.
I arrived at it by:
* modding our bill rate up to that of a contractor who specializes in hardware crypto (we do not, but I know the bill rates of several people who do),
* guessing the amount of time it would take me to implement e.g. Aciicmez (something I can do reasonably because we did BTB timing for virtualized rootkit detection), and
* breaking it up into hours x bill rate.
If you can name 3 people who specialize in adversarial hardware crypto review†, then you know there are at least another 3 who will do grey-area projects of similar sophistication (say, for a company's competitor).
Can you name 3 hardware crypto testing specialist firms? I know there are other people on HN who can. Are you one of them?
† (I can: 83f633acea3a6ca594ea85ae552445369058ded1)
I asked more specific questions in my comment; you aren't answering them. The only important question: why are you so strident about x86 side channels being a non-issue?
Because I'd watch chip vendors not even figure out how to secure MSIs under their IOMMUs and question whether just-plain-old- software security was a reasonable expectation under virtualization. You on the other hand seem to think it's so solid that the microarchitecture doesn't cache crypto artifacts.
