latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

joel jaeggli joelja at bogus.com
Sat Nov 2 03:40:24 UTC 2013


On Nov 1, 2013, at 7:06 PM, Harry Hoffman <hhoffman at ip-solutions.net> wrote:

> That's with a recommendation of using RC4.

It’s also with 1024-bit keys in the key exchange.

> Head on over to the Wikipedia page for SSL/TLS and then decide if you want RC4 to be your preference when trying to defend against an adversary with the resources of a nation-state.
> 
> Cheers,
> Harry
> 
> Niels Bakker <niels=nanog at bakker.net> wrote:
> 
>> * mikal at stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
>>> It's about the CPU cost of the crypto. I was once told the number of 
>>> CPUs required to do SSL on web search (which I have now forgotten) 
>>> and it was a bigger number than you'd expect -- certainly hundreds.
>> 
>> False: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
>> 
>> "On our production frontend machines, SSL/TLS accounts for less than 
>> 1% of the CPU load, less than 10KB of memory per connection and less 
>> than 2% of network overhead. Many people believe that SSL takes a lot 
>> of CPU time and we hope the above numbers (public for the first time) 
>> will help to dispel that."
>> 
>> 
>> 	-- Niels.
>> 
> 
