latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

joel jaeggli joelja at
Sat Nov 2 03:40:24 UTC 2013

On Nov 1, 2013, at 7:06 PM, Harry Hoffman <hhoffman at> wrote:

> That's with a recommendation of using RC4.

it’s also with 1024 bit keys in the key exchange.

> Head on over to the Wikipedia page for SSL/TLS and then decide if you want rc4 to be your preference when trying to defend against a adversary with the resources of a nation-state.
> Cheers,
> Harry
> Niels Bakker <niels=nanog at> wrote:
>> * mikal at (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
>>> Its about the CPU cost of the crypto. I was once told the number of 
>>> CPUs required to do SSL on web search (which I have now forgotten) 
>>> and it was a bigger number than you'd expect -- certainly hundreds.
>> False:
>> "On our production frontend machines, SSL/TLS accounts for less than 
>> 1% of the CPU load, less than 10KB of memory per connection and less 
>> than 2% of network overhead. Many people believe that SSL takes a lot 
>> of CPU time and we hope the above numbers (public for the first time) 
>> will help to dispel that."
>> 	-- Niels.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the NANOG mailing list