Re: HTTP/2 and Pervasive Monitoring

In message <>, Amos Jeffries writes:

>For my part, I do not believe that timing assertions in the argument are
>sufficiently long.
>- 250ms is only the normal network lag of a connection 

That's not a relevant metric.

Imagine NSA buys 10 million CPUs dedicated CPUs for breaking HTTP
whitening.  These would be above and beyond what they currently use
for the plain-text HTTP PM, it's not a trivial cost.

At a cpu cost of 250 msec/connection, they can break:

	10e6 / .25 = 40 million HTTP connections a second.

According to Netcraft, there are north of 100 million active sites
on the web.

If, on average, they each get connection every other second, NSA
will no longer be able to see all the traffic, and therefore, in
strict mathematical terms it is no longer PM.

In practice it would still be, because NSA doesn't need to see all
traffic to pornsites, netflix, major news sites etc, and that amounts
to about 80% of all HTTP today.  This introduces a scaling factor
of about 5-10 in NSAs favour.

But all we need to know is how many HTTP connections there are
globally per second and how many CPUs NSA would be able to dedicate
to un-whitening, and do a division.

Unfortunately, neither number is readily available.

My back-of-the-envelope calculation came out to around a quarter
of a second which I estimate is about 32 bits of key.

Your BOTE numbers will vary, and I'd love to hear them.

But the conclusion is evident:  It doesn't take much work to make
PM uneconomical.


PS: A interesting point here is that NSA is not limited in space but
in money and energy.  We should really be talking about how many 
cents and Joule it takes to break a TCP connection.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

Received on Sunday, 17 August 2014 08:24:44 UTC