Big Brother is always watching and Big Brother has way more resources than network-operators in this list! (good discussion all the same)
a) politics is the last-resort for scoundrels
b) power corrupts and absolute-power (FBI, CIA, NSA, DHS, etc.) corrupts-absolutely.

I speak from this-side-of-the-pond and I have no doubt that this thread is being monitored as well by (b) and no; I don't have my tinfoil-hat on.

To answer your question: Not Much.

./Randy

----- Original Message -----
> From: Harry Hoffman <hhoff...@ip-solutions.net>
> To: Mike Lyon <mike.l...@gmail.com>
> Cc: Niels Bakker <niels=na...@bakker.net>; nanog@nanog.org
> Sent: Friday, November 1, 2013 7:32 PM
> Subject: Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic
>
> So, I'm not sure if I'm being too simple-minded in my response. Please let me know if I am.
> The purpose of encrypting data is so others can't read your secrets.
> If you use a simple substitution cipher it's pretty easy to derive the set of substitution rules used.
> Stronger encryption algorithms employ more "difficult" math. Figuring out how to get from the ciphertext to the plaintext becomes a, computationally, difficult task.
> If your encryption algorithms are "good" *and* your source of random data is really random then the amount of time it takes to decrypt the data is so far out that it makes the data useless.
>
> Cheers,
> Harry
>
> Mike Lyon <mike.l...@gmail.com> wrote:
>
>> So even if Goog or Yahoo encrypt their data between DCs, what stops the NSA from decrypting that data? Or would it be done simply to make their lives a bit more of a PiTA to get the data they want?
>>
>> -Mike
>>
>>> On Nov 1, 2013, at 19:08, Harry Hoffman <hhoff...@ip-solutions.net> wrote:
>>>
>>> That's with a recommendation of using RC4.
>>> Head on over to the Wikipedia page for SSL/TLS and then decide if you want rc4 to be your preference when trying to defend against an adversary with the resources of a nation-state.
>>>
>>> Cheers,
>>> Harry
>>>
>>> Niels Bakker <niels=na...@bakker.net> wrote:
>>>
>>>> * mi...@stillhq.com (Michael Still) [Fri 01 Nov 2013, 05:27 CET]:
>>>>> It's about the CPU cost of the crypto. I was once told the number of CPUs required to do SSL on web search (which I have now forgotten) and it was a bigger number than you'd expect -- certainly hundreds.
>>>>
>>>> False: https://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
>>>>
>>>> "On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that."
>>>>
>>>> -- Niels.