• Posts
  • RSS
  • ◂◂RSS
  • Contact

  • Decrypt All Https Traffic?

    August 30th, 2013
    privacy, tech  [html]
    With the recent increased interest in internet surveillance, people sometimes say things like "the NSA is snooping on everything, even encrypted traffic". Could they really do that? How hard would it be?

    No one has good stats on total internet traffic but Wikipedia publishes their numbers and we can use that to estimate. They get 12.7B monthly global pageviews or 4.9K pageviews per second. Alexa estimates that Wikipedia has 5,629 pageviews per million, which is another way of saying they're 0.5629% of all traffic. These give total pageviews per second for the internet as a whole at around 1 million. [1]

    (Note: all the numbers in this post are very rough. In talking about practicality of breaking cryptography we often care about orders of magnitude of orders of magnitude.)

    I can't find any stats on what fraction of these are encrypted, but let's say 1 in 50 (2%). That's 20K encrypted pages per second. What kind of hardware would you need to keep up with that?

    Imagine we were all still using DES to encrypt everything. While there are some theoretical attacks faster than brute force, in practice people just try all the combinations. The key length is 56 bits, so there are only 256 keys to try. This is low enough to be practical now: you can pay cloudcracker to do this in about a day. They're using specialized hardware and on average need 12 hours to crack a DES key.

    At 12 hours per key on one machine to crack the 20K/s of https traffic as it comes in you'd need about a 0.9 billion of them. Maybe they cost $1K each in those quantities, so this is about $1T for just the machines. Electricity to run and cool them would also be enormous, but $1T is already more than ten times the entire intelligence budget.

    But the NSA would have custom hardware, right? Those machines are using powerful FPGAs, 48 per box with 40 cores each, but in those volumes you want to go with custom chips. Even if you can get them down to $1 for a 40 core chip you still need 40 billion of them, along with all the supporting hardware and infrastructure.

    Remember, though, that all of this is about cracking DES while the weakest encryption people are using for SSL is 128 bit AES. With keys this long brute force is beyond impractical. [2] There might be flaws in AES, but they would need to bring it from a complexity of 2128 down to 256 before they were in the range of DES, and that would be an incredible cryptographic achievement. [3]

    Unless the NSA has production-quality quantum computers or has solved AES to where it's trivial to break, both of which are very unlikely, they're not decrypting https traffic at scale.


    [1] Methodology from here.

    [2] The Landauer limit is the "minimum possible amount of energy required to change one bit of information," and is 2.89e-21 joules. Trying 2128 keys requires at least that many bit flips, so 9.8e17 joules. That's 278 terawatt hours, which is about 1000 large power plants operating for a year. And testing a key would require many bit flips, not just one.

    [3] The best public attack (pdf) gets the complexity down to 2126.1.

    Comment via: google plus, facebook

    Recent posts on blogs I like:

    Austerity is Inefficient

    Working on an emergency timetable for regional rail has made it clear how an environment of austerity requires tradeoffs that reduce efficiency. I already talked about how the Swiss electronics before concrete slogan is not about not spending money but ab…

    via Pedestrian Observations February 27, 2021

    Fireside Friday, February 26, 2021

    Fireside this week, but next week we are diving into our long awaited series on pre-modern textile production, though we will be particularly focused on the most important clothing fibers in the Mediterranean world, wool and linen (rather than, say, silk …

    via A Collection of Unmitigated Pedantry February 26, 2021

    The Troubling Ethics of Writing (A Speech from Ancient Sumer)

    (Translated from a transcript of an ancient Sumerian speech by Uruk's most well-respected Scriptological Ethicist) Writing is a profoundly dangerous technology: Access to writing was initially, and still remains, uneven. What's worse, the rich are m…

    via BLOG - Cullen O'Keefe February 15, 2021

    more     (via openring)


  • Posts
  • RSS
  • ◂◂RSS
  • Contact