latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

Randy randy_94108 at yahoo.com
Sat Nov 2 03:29:22 UTC 2013


Big Brother is always watching and Big Brother has way more resources than network-operators in this list!
(good discussion all the same)

a) politics is the last-resort for scoundrels
b) power corrupts and absolute-power (FBI, CIA, NSA, DHS, etc.) corrupts-absolutely.

I speak from this-side-of-the-pond and I have no doubt that this thread is being monitored as well by (b), and no, I don't have my tinfoil-hat on.

To answer your question:

Not Much.
./Randy







----- Original Message -----
> From: Harry Hoffman <hhoffman at ip-solutions.net>
> To: Mike Lyon <mike.lyon at gmail.com>
> Cc: Niels Bakker <niels=nanog at bakker.net>; nanog at nanog.org
> Sent: Friday, November 1, 2013 7:32 PM
> Subject: Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
> 
> So, I'm not sure if I'm being too simple-minded in my response. Please 
> let me know if I am.
> The purpose of encrypting data is so others can't read your secrets.
> If you use a simple substitution cipher it's pretty easy to derive the set 
> of substitution rules used.
> Stronger encryption algorithms employ more "difficult" math. Figuring 
> out how to get from the ciphertext to the plaintext becomes a computationally 
> difficult task.
> If your encryption algorithms are "good" *and* your source of random 
> data is really random then the amount of time it takes to decrypt the data is so 
> far out that it makes the data useless.
> 
> Cheers,
> Harry
> 
> Mike Lyon <mike.lyon at gmail.com> wrote:
> 
>> So even if Goog or Yahoo encrypt their data between DCs, what stops
>> the NSA from decrypting that data? Or would it be done simply to make
>> their lives a bit more of a PiTA to get the data they want?
>> 
>> -Mike
>> 
>> 
>> 
>>>  On Nov 1, 2013, at 19:08, Harry Hoffman <hhoffman at ip-solutions.net> wrote:
>>> 
>>>  That's with a recommendation of using RC4.
>>>  Head on over to the Wikipedia page for SSL/TLS and then decide if you want rc4 to be your preference when trying to defend against an adversary with the resources of a nation-state.
>>> 
>>>  Cheers,
>>>  Harry
>>> 
>>>  Niels Bakker <niels=nanog at bakker.net> wrote:
>>> 
>>>>  * mikal at stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
>>>>>  It's about the CPU cost of the crypto. I was once told the number of
>>>>>  CPUs required to do SSL on web search (which I have now forgotten)
>>>>>  and it was a bigger number than you'd expect -- certainly hundreds.
>>>> 
>>>>  False: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
>>>> 
>>>>  "On our production frontend machines, SSL/TLS accounts for less than
>>>>  1% of the CPU load, less than 10KB of memory per connection and less
>>>>  than 2% of network overhead. Many people believe that SSL takes a lot
>>>>  of CPU time and we hope the above numbers (public for the first time)
>>>>  will help to dispel that."
>>>> 
>>>> 
>>>>     -- Niels.
>>>> 
> 



