← Back to context

Comment by suhputt

6 days ago

the time it takes for light to travel from los angeles to virginia is 12 - 16 ms, round trip is 30ms lets say - that is a noticeable delay, and it could be easily disproven that 80% of traffic is literally routed through VA

now.. could they just copy the traffic and send it to VA on a side channel? probably?

6 comments

suhputt

Reply
metadat  5 days ago

And how useful would this information be? srcIP:port_dstIP:port pairs with almost all traffic encrypted. Pretty boring from a sigint pov.

Instagram, YouTube, misc Web traffic, and torrents, with a side of minutae.

I'm certain the three letter agencies yearn for the days before letsencrypt was de facto.

  • rtkwe  5 days ago

    There is the small possibility that the NSA has found cracks in some of the popular cyphers and could actually make sense of the encrypted data. It's not completely out of the question, their cryptanalysis has been shown to be ahead of the public best efforts in the past. They demonstrated it back in the 70s with DES S-boxes hardening them against a technique no one publicly knew about until the 80s.

NGRhodes  5 days ago

i used to work, 15 years ago, on a (permissive, not covert) monitoring service for a UK national public service, the NHS spine core. We used switches to mirror ports and capture traffic in promisciouse mode on a few dozen servers split across a few datacentres that all the traffic went througg. We had certs installed to decode https. We could get enough hardware to do this step easily, but fast enough storage was an issue, we had 1 petabyte of usable storage across all sitesn that could hold a few days of content. We aimed to get this data filtered and forwarded into our central Splunk (seperate storage) and also into our bespoke dashboards within 60s. We often lagged...

  • iso1631  5 days ago

    You can only decode those https certificates if you are mitming them (and have a compromised certificate)

    A copy of the certificate and private keys won't help thanks to the magic of Diffie–Hellman, you can't passively (assuming you haven't got a practical quantum computer) read the stream

    Your company will have deployed root certificates to devices and run as a MITM. This is standard corporate firewall behaviour.

    • GoblinSlayer  5 days ago

      It's also possible to generate ephemeral keys deterministically, e.g. key=hash(escrow, sslrandom).