[166640] in North American Network Operators' Group
Re: latest Snowden docs show NSA intercepts all Google and Yahoo
daemon@ATHENA.MIT.EDU (Randy)
Fri Nov 1 23:29:36 2013
Date: Fri, 1 Nov 2013 20:29:22 -0700 (PDT)
From: Randy <randy_94108@yahoo.com>
To: Harry Hoffman <hhoffman@ip-solutions.net>
In-Reply-To: <343r7gx04ytwcbscqbx9luey.1383359565953@email.android.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Reply-To: Randy <randy_94108@yahoo.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Big Brother is always watching and Big Brother has way more resources than network-operators in this list!
(good discussion all the same)

a) politics is the last-resort for scoundrels
b) power corrupts and absolute-power(FBI, CIA, NSA, DHS..etc,) corrupts-absolutely.

I speak from this-side-of-the-pond and I have no doubt that this thread is being monitored as well by (b) and no; I don't have my tinfoil-hat on.

To answer your question:

Not Much.
./Randy

----- Original Message -----
> From: Harry Hoffman <hhoffman@ip-solutions.net>
> To: Mike Lyon <mike.lyon@gmail.com>
> Cc: Niels Bakker <niels=nanog@bakker.net>; nanog@nanog.org
> Sent: Friday, November 1, 2013 7:32 PM
> Subject: Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
>
> So, I'm not sure if I'm being too simple-minded in my response. Please let me know if I am.
> The purpose of encrypting data is so others can't read your secrets.
> If you use a simple substitution cipher it's pretty easy to derive the set of substitution rules used.
> Stronger encryption algorithms employ more "difficult" math. Figuring out how to get from the ciphertext to the plaintext becomes a, computationally, difficult task.
> If your encryption algorithms are "good" *and* your source of random data is really random then the amount of time it takes to decrypt the data is so far out that it makes the data useless.
>
> Cheers,
> Harry
>
> Mike Lyon <mike.lyon@gmail.com> wrote:
>
>> So even if Goog or Yahoo encrypt their data between DCs, what stops
>> the NSA from decrypting that data? Or would it be done simply to make
>> their lives a bit more of a PiTA to get the data they want?
>>
>> -Mike
>>
>>> On Nov 1, 2013, at 19:08, Harry Hoffman <hhoffman@ip-solutions.net> wrote:
>>>
>>> That's with a recommendation of using RC4.
>>> Head on over to the Wikipedia page for SSL/TLS and then decide if you want rc4 to be your preference when trying to defend against an adversary with the resources of a nation-state.
>>>
>>> Cheers,
>>> Harry
>>>
>>> Niels Bakker <niels=nanog@bakker.net> wrote:
>>>
>>>> * mikal@stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
>>>>> It's about the CPU cost of the crypto. I was once told the number of
>>>>> CPUs required to do SSL on web search (which I have now forgotten)
>>>>> and it was a bigger number than you'd expect -- certainly hundreds.
>>>>
>>>> False: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
>>>>
>>>> "On our production frontend machines, SSL/TLS accounts for less than
>>>> 1% of the CPU load, less than 10KB of memory per connection and less
>>>> than 2% of network overhead. Many people believe that SSL takes a lot
>>>> of CPU time and we hope the above numbers (public for the first time)
>>>> will help to dispel that."
>>>>
>>>>     -- Niels.