• Posts
  • RSS
  • ◂◂RSS
  • Contact

  • Decrypt All Https Traffic?

    August 30th, 2013
    privacy, tech  [html]
    With the recent increased interest in internet surveillance, people sometimes say things like "the NSA is snooping on everything, even encrypted traffic". Could they really do that? How hard would it be?

    No one has good stats on total internet traffic but Wikipedia publishes their numbers and we can use that to estimate. They get 12.7B monthly global pageviews or 4.9K pageviews per second. Alexa estimates that Wikipedia has 5,629 pageviews per million, which is another way of saying they're 0.5629% of all traffic. These give total pageviews per second for the internet as a whole at around 1 million. [1]

    (Note: all the numbers in this post are very rough. In talking about practicality of breaking cryptography we often care about orders of magnitude of orders of magnitude.)

    I can't find any stats on what fraction of these are encrypted, but let's say 1 in 50 (2%). That's 20K encrypted pages per second. What kind of hardware would you need to keep up with that?

    Imagine we were all still using DES to encrypt everything. While there are some theoretical attacks faster than brute force, in practice people just try all the combinations. The key length is 56 bits, so there are only 256 keys to try. This is low enough to be practical now: you can pay cloudcracker to do this in about a day. They're using specialized hardware and on average need 12 hours to crack a DES key.

    At 12 hours per key on one machine to crack the 20K/s of https traffic as it comes in you'd need about a 0.9 billion of them. Maybe they cost $1K each in those quantities, so this is about $1T for just the machines. Electricity to run and cool them would also be enormous, but $1T is already more than ten times the entire intelligence budget.

    But the NSA would have custom hardware, right? Those machines are using powerful FPGAs, 48 per box with 40 cores each, but in those volumes you want to go with custom chips. Even if you can get them down to $1 for a 40 core chip you still need 40 billion of them, along with all the supporting hardware and infrastructure.

    Remember, though, that all of this is about cracking DES while the weakest encryption people are using for SSL is 128 bit AES. With keys this long brute force is beyond impractical. [2] There might be flaws in AES, but they would need to bring it from a complexity of 2128 down to 256 before they were in the range of DES, and that would be an incredible cryptographic achievement. [3]

    Unless the NSA has production-quality quantum computers or has solved AES to where it's trivial to break, both of which are very unlikely, they're not decrypting https traffic at scale.


    [1] Methodology from here.

    [2] The Landauer limit is the "minimum possible amount of energy required to change one bit of information," and is 2.89e-21 joules. Trying 2128 keys requires at least that many bit flips, so 9.8e17 joules. That's 278 terawatt hours, which is about 1000 large power plants operating for a year. And testing a key would require many bit flips, not just one.

    [3] The best public attack (pdf) gets the complexity down to 2126.1.

    Comment via: google plus, facebook

    Recent posts on blogs I like:

    Some reasons to work on productivity and velocity

    A common topic of discussion among my close friends is where the bottlenecks are in our productivity and how we can execute more quickly. This is very different from what I see in my extended social circles, where people commonly say that velocity doesn…

    via Posts on Dan Luu October 15, 2021

    EDT with updating double counts

    I recently got confused thinking about the following case: Calculator bet: I am offered the opportunity to bet on a mathematical statement X to which I initially assign 50% probability (perhaps X = 139926 is a quadratic residue modulo 314159). I have acce…

    via The sideways view October 12, 2021

    Meditations on newborns

    [Content: death.]I wrote most of this a couple of months ago when Nora was a newborn, but the first few months are not that conducive to finishing blog posts. New babies put you into a liminal period, both in your own experience and in how others treat yo…

    via The whole sky October 3, 2021

    more     (via openring)


  • Posts
  • RSS
  • ◂◂RSS
  • Contact