• Posts
  • RSS
  • ◂◂RSS
  • Contact

  • Decrypt All Https Traffic?

    August 30th, 2013
    privacy, tech  [html]
    With the recent increased interest in internet surveillance, people sometimes say things like "the NSA is snooping on everything, even encrypted traffic". Could they really do that? How hard would it be?

    No one has good stats on total internet traffic but Wikipedia publishes their numbers and we can use that to estimate. They get 12.7B monthly global pageviews or 4.9K pageviews per second. Alexa estimates that Wikipedia has 5,629 pageviews per million, which is another way of saying they're 0.5629% of all traffic. These give total pageviews per second for the internet as a whole at around 1 million. [1]

    (Note: all the numbers in this post are very rough. In talking about practicality of breaking cryptography we often care about orders of magnitude of orders of magnitude.)

    I can't find any stats on what fraction of these are encrypted, but let's say 1 in 50 (2%). That's 20K encrypted pages per second. What kind of hardware would you need to keep up with that?

    Imagine we were all still using DES to encrypt everything. While there are some theoretical attacks faster than brute force, in practice people just try all the combinations. The key length is 56 bits, so there are only 256 keys to try. This is low enough to be practical now: you can pay cloudcracker to do this in about a day. They're using specialized hardware and on average need 12 hours to crack a DES key.

    At 12 hours per key on one machine to crack the 20K/s of https traffic as it comes in you'd need about a 0.9 billion of them. Maybe they cost $1K each in those quantities, so this is about $1T for just the machines. Electricity to run and cool them would also be enormous, but $1T is already more than ten times the entire intelligence budget.

    But the NSA would have custom hardware, right? Those machines are using powerful FPGAs, 48 per box with 40 cores each, but in those volumes you want to go with custom chips. Even if you can get them down to $1 for a 40 core chip you still need 40 billion of them, along with all the supporting hardware and infrastructure.

    Remember, though, that all of this is about cracking DES while the weakest encryption people are using for SSL is 128 bit AES. With keys this long brute force is beyond impractical. [2] There might be flaws in AES, but they would need to bring it from a complexity of 2128 down to 256 before they were in the range of DES, and that would be an incredible cryptographic achievement. [3]

    Unless the NSA has production-quality quantum computers or has solved AES to where it's trivial to break, both of which are very unlikely, they're not decrypting https traffic at scale.


    [1] Methodology from here.

    [2] The Landauer limit is the "minimum possible amount of energy required to change one bit of information," and is 2.89e-21 joules. Trying 2128 keys requires at least that many bit flips, so 9.8e17 joules. That's 278 terawatt hours, which is about 1000 large power plants operating for a year. And testing a key would require many bit flips, not just one.

    [3] The best public attack (pdf) gets the complexity down to 2126.1.

    Comment via: google plus, facebook

    Recent posts on blogs I like:

    Governance in Rich Liberal American Cities

    Matt Yglesias has a blog post called Make Blue America Great Again, about governance in rich liberal states like New York and California. He talks about various good government issues, and he pays a lot of attention specifically to TransitMatters and our …

    via Pedestrian Observations November 19, 2020

    Collections: Why Military History?

    This week, I want to talk about the discipline of military history: what it is, why it is important and how I see my own place within it. This is going to be a bit of an unusual collections post as it is less about the past itself and more about how we st…

    via A Collection of Unmitigated Pedantry November 13, 2020

    Misalignment and misuse: whose values are manifest?

    Crossposted from world spirit sock puppet. AI related disasters are often categorized as involving misaligned AI, or misuse, or accident. Where: misuse means the bad outcomes were wanted by the people involved, misalignment means the bad outcomes were wan…

    via Meteuphoric November 13, 2020

    more     (via openring)


  • Posts
  • RSS
  • ◂◂RSS
  • Contact