[166641] in North American Network Operators' Group
Re: latest Snowden docs show NSA intercepts all Google and Yahoo
daemon@ATHENA.MIT.EDU (joel jaeggli)
Fri Nov 1 23:44:03 2013
From: joel jaeggli <joelja@bogus.com>
In-Reply-To: <ipw7acuqm87i0hwdiek14wll.1383358016384@email.android.com>
Date: Fri, 1 Nov 2013 20:40:24 -0700
To: Harry Hoffman <hhoffman@ip-solutions.net>
Cc: Niels Bakker <niels=nanog@bakker.net>, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--Apple-Mail=_EB93B232-3640-435C-AFB5-7AA86E57CD6D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=windows-1252
On Nov 1, 2013, at 7:06 PM, Harry Hoffman <hhoffman@ip-solutions.net> =
wrote:
> That's with a recommendation of using RC4.
it=92s also with 1024 bit keys in the key exchange.
> Head on over to the Wikipedia page for SSL/TLS and then decide if you =
want rc4 to be your preference when trying to defend against a adversary =
with the resources of a nation-state.
>=20
> Cheers,
> Harry
>=20
> Niels Bakker <niels=3Dnanog@bakker.net> wrote:
>=20
>> * mikal@stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
>>> Its about the CPU cost of the crypto. I was once told the number of=20=
>>> CPUs required to do SSL on web search (which I have now forgotten)=20=
>>> and it was a bigger number than you'd expect -- certainly hundreds.
>>=20
>> False: =
https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
>>=20
>> "On our production frontend machines, SSL/TLS accounts for less than=20=
>> 1% of the CPU load, less than 10KB of memory per connection and less=20=
>> than 2% of network overhead. Many people believe that SSL takes a lot=20=
>> of CPU time and we hope the above numbers (public for the first time)=20=
>> will help to dispel that."
>>=20
>>=20
>> -- Niels.
>>=20
>=20
--Apple-Mail=_EB93B232-3640-435C-AFB5-7AA86E57CD6D
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iEYEARECAAYFAlJ0dCgACgkQ8AA1q7Z/VrLqhQCffoqcZIg9RWoSB0WSbLfPWCNj
zswAn30w4pcXMDLNA9AtosPvHed6sCFF
=q3O6
-----END PGP SIGNATURE-----
--Apple-Mail=_EB93B232-3640-435C-AFB5-7AA86E57CD6D--
