nanog mailing list archives
Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
From: Randy <randy_94108 () yahoo com>
Date: Fri, 1 Nov 2013 20:29:22 -0700 (PDT)
Big Brother is always watching and Big Brother has way more resources than network-operators in this list! (good discussion all the same)

a) politics is the last-resort for scoundrels
b) power corrupts and absolute-power (FBI, CIA, NSA, DHS..etc,) corrupts-absolutely.

I speak from this-side-of-the-pond and I have no doubt that this thread is being monitored as well by (b) and no; I don't have my tinfoil-hat on.

To answer your question: Not Much.

./Randy

----- Original Message -----
From: Harry Hoffman <hhoffman () ip-solutions net>
To: Mike Lyon <mike.lyon () gmail com>
Cc: Niels Bakker <niels=nanog () bakker net>; nanog () nanog org
Sent: Friday, November 1, 2013 7:32 PM
Subject: Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

So, I'm not sure if I'm being too simple-minded in my response. Please let me know if I am.

The purpose of encrypting data is so others can't read your secrets.

If you use a simple substitution cipher it's pretty easy to derive the set of substitution rules used.

Stronger encryption algorithms employ more "difficult" math. Figuring out how to get from the ciphertext to the plaintext becomes a, computationally, difficult task.

If your encryption algorithms are "good" *and* your source of random data is really random then the amount of time it takes to decrypt the data is so far out that it makes the data useless.

Cheers,
Harry

Mike Lyon <mike.lyon () gmail com> wrote:

So even if Goog or Yahoo encrypt their data between DCs, what stops the NSA from decrypting that data? Or would it be done simply to make their lives a bit more of a PiTA to get the data they want?

-Mike

On Nov 1, 2013, at 19:08, Harry Hoffman <hhoffman () ip-solutions net> wrote:

That's with a recommendation of using RC4. Head on over to the Wikipedia page for SSL/TLS and then decide if you want rc4 to be your preference when trying to defend against an adversary with the resources of a nation-state.

Cheers,
Harry

Niels Bakker <niels=nanog () bakker net> wrote:

* mikal () stillhq com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:

It's about the CPU cost of the crypto. I was once told the number of CPUs required to do SSL on web search (which I have now forgotten) and it was a bigger number than you'd expect -- certainly hundreds.

False: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

"On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that."

-- Niels.