latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

• Previous message (by thread): latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
• Next message (by thread): latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Nov 1, 2013 at 7:18 PM, Mike Lyon <mike.lyon at gmail.com> wrote:

> So even if Goog or Yahoo encrypt their data between DCs, what stops
> the NSA from decrypting that data? Or would it be done simply to make
> their lives a bit more of a PiTA to get the data they want?
>
> -Mike
>


I'm just gonna toss this URL out here...


http://www.gdc4s.com/Documents/Products/SecureVoiceData/NetworkEncryption/KG-530_Price_2-1-2012.pdf

and note the terms and conditions for purchase:

General Terms & Conditions

Delivery dates for all products will be established by General Dynamics
at the time of order acceptance.

All specifications, products and pricing are subject to change or
discontinuance at anytime without notice.

Prior written approval from the National Security Agency (General Dynamics
will submit request) and a current
COMSEC account is required for all purchases


I'll leave it as an exercise for the reader to
think about what it means to put encryption
technology into the network that requires
written approval from the NSA to purchase...

Matt





>
>
> > On Nov 1, 2013, at 19:08, Harry Hoffman <hhoffman at ip-solutions.net>
> wrote:
> >
> > That's with a recommendation of using RC4.
> > Head on over to the Wikipedia page for SSL/TLS and then decide if you
> want rc4 to be your preference when trying to defend against a adversary
> with the resources of a nation-state.
> >
> > Cheers,
> > Harry
> >
> > Niels Bakker <niels=nanog at bakker.net> wrote:
> >
> >> * mikal at stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
> >>> Its about the CPU cost of the crypto. I was once told the number of
> >>> CPUs required to do SSL on web search (which I have now forgotten)
> >>> and it was a bigger number than you'd expect -- certainly hundreds.
> >>
> >> False: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
> >>
> >> "On our production frontend machines, SSL/TLS accounts for less than
> >> 1% of the CPU load, less than 10KB of memory per connection and less
> >> than 2% of network overhead. Many people believe that SSL takes a lot
> >> of CPU time and we hope the above numbers (public for the first time)
> >> will help to dispel that."
> >>
> >>
> >>    -- Niels.
> >>
>
>

• Previous message (by thread): latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
• Next message (by thread): latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]