[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic



On Thu, Oct 31, 2013 at 11:26 PM, Michael Still <mikal at stillhq.com> wrote:

> [snip]
>


> Its about the CPU cost of the crypto. I was once told the number of
> CPUs required to do SSL on web search (which I have now forgotten) and
> it was a bigger number than you'd expect -- certainly hundreds.
>
So, crypto costs money at scale basically.
>

SSL Cryptography for web search is a different problem than, say
 Site-to-Site VPN encryption.

Every time a new browser connects, you have a new SSL session setup.
New SSL session setup requires  public cryptography operations which impose
a significant delay, and the public key operations have an enormous CPU
cost.

So much so,  that the key generation and signing operations involved in CPU
session setup are a big bottleneck, and therefore, a potential DoS risk.

For encryption of traffic between datacenters;    There should be very
little session setup and teardown  (very few public key operations);
 almost all the crypto load would be symmetric cryptography.


No doubt, there still  must be some cost in terms of crypto processors
required to achieve encryption of all the traffic on 100-gigabit links
 between datacenters;  it's always something, after all.






>
> Cheers,
> Michael
>
>


-- 
-JH