[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
- Subject: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
- From: johns at sstar.com (John Souvestre)
- Date: Fri, 1 Nov 2013 23:00:11 -0500
- In-reply-to: <-7027351400541268817@unknownmsgid>
- References: <[email protected]> <-7027351400541268817@unknownmsgid>
Money. The better the encryption the more it costs to crack. With forward
security you can even protect against your private key leaking.
In short, you can raise the stakes and make it economically unfeasible for
even the NSA.
John
??? John Souvestre - New Orleans LA - (504) 454-0899
-----Original Message-----
From: Mike Lyon [mailto:mike.lyon at gmail.com]
Sent: Fri, November 01, 2013 9:19 pm
To: Harry Hoffman
Cc: Niels Bakker; nanog at nanog.org
Subject: Re: latest Snowden docs show NSA intercepts all Google and Yahoo
DC-to-DC traffic
So even if Goog or Yahoo encrypt their data between DCs, what stops the NSA
from decrypting that data? Or would it be done simply to make their lives a
bit more of a PiTA to get the data they want?
-Mike
> On Nov 1, 2013, at 19:08, Harry Hoffman <hhoffman at ip-solutions.net> wrote:
>
> That's with a recommendation of using RC4.
> Head on over to the Wikipedia page for SSL/TLS and then decide if you want
rc4 to be your preference when trying to defend against a adversary with the
resources of a nation-state.
>
> Cheers,
> Harry
>
> Niels Bakker <niels=nanog at bakker.net> wrote:
>
>> * mikal at stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
>>> Its about the CPU cost of the crypto. I was once told the number of
>>> CPUs required to do SSL on web search (which I have now forgotten)
>>> and it was a bigger number than you'd expect -- certainly hundreds.
>>
>> False:
>> https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
>>
>> "On our production frontend machines, SSL/TLS accounts for less than
>> 1% of the CPU load, less than 10KB of memory per connection and less
>> than 2% of network overhead. Many people believe that SSL takes a lot
>> of CPU time and we hope the above numbers (public for the first time)
>> will help to dispel that."
>>
>>
>> -- Niels.
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6298 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20131101/7491e1da/attachment-0001.bin>