Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

[Mike Lyon <mike.lyon () gmail com>]

So even if Goog or Yahoo encrypt their data between DCs, what stops
the NSA from decrypting that data? Or would it be done simply to make
their lives a bit more of a PiTA to get the data they want?

-Mike



> On Nov 1, 2013, at 19:08, Harry Hoffman <hhoffman () ip-solutions net> wrote:
>
> That's with a recommendation of using RC4.
> Head on over to the Wikipedia page for SSL/TLS and then decide if you want rc4 to be your preference when trying to 
> defend against a adversary with the resources of a nation-state.
>
> Cheers,
> Harry
>
> Niels Bakker <niels=nanog () bakker net> wrote:
>
> > * mikal () stillhq com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
> > > Its about the CPU cost of the crypto. I was once told the number of
> > > CPUs required to do SSL on web search (which I have now forgotten)
> > > and it was a bigger number than you'd expect -- certainly hundreds.
> >
> > False: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
> >
> > "On our production frontend machines, SSL/TLS accounts for less than
> > 1% of the CPU load, less than 10KB of memory per connection and less
> > than 2% of network overhead. Many people believe that SSL takes a lot
> > of CPU time and we hope the above numbers (public for the first time)
> > will help to dispel that."
> >
> >
> >    -- Niels.