I fully understand that but using the brute force attack does provide a good metric by how to judge things and yes I know that in my previous statement I didn't cover more detailed attacks as no one would like to read that wall of text. In response to another user above I look a little more closely at AES-256 taking into account using a quantum computer and the best attack against it. In that case we move from stellar mass energy requirements down to something that would become fairly trivial with a complexity of about 2^50.
If losing encryption keys is going to be a problem for with crypto that strong then it is already a problem for you as you neither have an ideal classical computer operating near the limit of Landauer's Principal nor do you have the ability to consume a large fraction of the US's total annual energy consumption. The problem is with encryption is that if it is feasable for a state actor to crack it, then it is also possiable for a large criminal gang to do so in a few years, and a few years later you can do so with a device that runs on a battery that you carry in your pocket, see the image in the original article where they point out that generating MD5 hash collisions can be done on your smart phone in about 30 seconds.
The reason I want crypto that has a chance of surviving the heat death of the universe is simple. Unless you are using a One Time Pad the encryption you haven't isn't provably secure for all time. It will be attacked and the strength of it will decrease. Is my data so important that it personally needs to be kept secure until the heat death of the universe? Simple answer is no, but at the same time it is something that I would like to see stay secure for the next 50-60 years until I'm taking a dirt nap.
So now lets look at AES-256. Here we are dealing with a cipher that is in that mass energy of a star to brute force on an ideal classical computer. Now that may seem pretty damn strong, but there is a related key attack against it that brings that complexity down to 2^99.5 from 2^256. At this point we are no longer talking about star sized energy requirements but instead a sizeable portion of the total annual energy output of a a nation on an ideal classical computer. While currently infeasible further advances in cryptanalysis and quantum computing will decrease this further. So using something like Grover's algorithm we could possibly get the work down to about 2^50. At that level we have already rejected crypto standards because they are easy to defeat.
So you mean I can have a computer that is approaching the limits ofLandauer's principle. Where does one find these mythical machines as I would love one that has the computational power of my desktop yet runs for years off of a single AA battery.
Ever since I read this blurb from Applied Cryptography by Bruce Schneier years ago it has really put things into perspective when it comes to what is strong crypto and what isn't. I got the concept from him so it isn't my own idea even if I did simplify the explanation of it.:
One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)
Given that k = 1.38×10^-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.
Now, the annual energy output of our sun is about 1.21×10^41 ergs. This is enough to power about 2.7×10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.
But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
I want crypto that has a good chance of outlasting the heat death of the universe even with a quantumcomputer. For symmetric key crypto this means you would need somewhere around a 601 bit keyspace IIRC before you exceed the mass energy of the universe.
Sounds very practical to me. The fact that this is in the realm of being done by a wealthy individual should indicate why. Lets say you are a wealthy criminal gang go out and get your self a bunch of beefy servers and fill them with GPUs. You now can defraud banks and others at a massive scale and probably make the money back in short order. 6500 CPUs and 110 GPUs isn't all that expensive. You could probably get that for $10,000,000-$20,000,000 and next year it will cost even less to get that computational power. The fact that we aren't talking about time or energy requirements that are on the order of lifetimes of stars or the mass energy of a star should tell you that it broken. Also attacks only get better with time. It only took 4 years to go from theoretical to actual.
These things keep on progressing usually following moors law like growth. As others have pointed out 1TB ones are available but they are expensive. My rule is that I will pay about $20 for a flash card or thumb drive which means now I can get a 64GB uSD card for just under $20, a 64GB USB 3.0 thumb drive for about $16, or a 64 GB USB OTG drive for about $20. Some time in the next 16 months I should be able to get 128 GB drives at those price points, and in 18 months after that 256GB drives. If I wanted I could get a 256GB USB 3.0 thumb drive now for about $55 or a 128GB uSD card for about $40. So give it a few more years (3-5 would be a good guess) and the miracle of smart engineers will deliver what you want at a reasonable price.
I've thought about doing a similar thing to this to defeat ALPRs but it seems that most of these methods don't take it far enough. most of them are trying to get some bleed into the surrounding area of the sensor. A few watts of power draw is nothing which is what most of these attempts do, I'm thinking like 100W power draw for each license plate. I'm looking for this effect but in the IR. So instead of trying to create lens flare I want to massively underexpose the image. In this case I may also get some massive lens flare as well but that isn't what I would have been shooting for. Also using some LEDs like these would be good as they are far enough into the IR that they don't have the red glow that others do.
don't you know you are suppose to recycle your used motor one quart at a time and the used filter gets its own trip as well. Same things with CFLs and use alkaline batteries. Each one gets its own special trip to the recycling center.
All joking aside I do a similar thing you do. I have a few bins and containers in the garage that hold all the shit I'm not suppose to toss in the trash or single stream curbside recycling and when I run out of storage I make a trip over to the county recycling center. On the way I stop by my in-laws house and pick up anything they want to get rid of and also stop by my mom's house and do the same as they are all on the way. I make the run a couple of times a year and it is only like a 15 mile drive there an back. And before anyone says what I am doing is illegal my in-laws and mother live in the same county as I do so their crap is allowed to go to that recycling center as well.
I always like my county's recycling center. When ever I go there I check to see what they have for deck stain and solvents as nothing beats getting free solvents if you clean parts or do lots of wood finishing. Add in that over the years I have gotten 3 unopened gallons of the deck stain I use and it is great. They will take all of the toxic crap, even coolant poisoned motor oil, and if you can use something you can take it.
The city cleanup events are also another great place to find quality trash. I told my uncle, who is a garbage man who works a number of these, to keep an eye out for a nice larger cast iron wood stove for when I finally build a cabin on my lake property. He usually sees one about every 3-5 years so I have a pretty good chance of getting one when I need it for free.
Apparently you don't understand the concept of reasonable and prudent. No one ever said following rules, regulations and guidelines ensures you are secure but so long as what you are doing is reasonable, prudent and also at the very minimum the industry best practices you wouldn't have to worry about being sued. Granted anyone can sue anyone for fun and profit but by taking reasonable and prudent actions usually defined as a minimum of industry best practices you can avoid losing the lawsuit. A zero day exploit that is used to carry out an attack is entirely possible but is not negligence. An exploit that is 5 years old with a patch has been available for 4 years 11 months and mitigating measures available for 5 years that is used to attack a system that has not been patched and taken mitigating actions is negligence as it would be reasonable and prudent in that time to take appropriate measures to resolve the vulnerability. Where you run into some grey area is there is an exploit that was recently disclosed and a patch or mitigating measures are available. On day 1 of the disclosure it isn't reasonable or prudent to deploy those to productions systems, but at what point is it reasonable and prudent to have done so. In this case regulations like NERC CIP provide a definition of what is a reasonable time so that covered entities can fully test and evaluate changes before applying them to a production system.
Additionally good security regulations and rules will employ the defense in depth principle which will help to mitigate problems if a vulnerability is discovered. Furthermore good regulations require some form of continuous monitoring of the system looking for issues and strange traffic, files, and/or behavior. So you have network firewalls, NIDS/NIPS devices, segmented LANs, host based firewalls, HIDS, a patch management program, following a security benchmark for the host and applications, practice least privileges, have minimal software installed on the host, have a tool scanning your network looking for new devices, have a vulnerability scanner scanning devices and hosts on your network, etc. all provide a good defense and provide multiple layers to stop and detect attacks in different ways. Sadly this cost money and doesn't show a return on the bottom line so it is seen as only a cost center, until there is a breach, so companies don't want to spend on doing what is needed.
Depends on the industry. The companies that handle the bulk electric grid in the the US and Canada do have rules and regulations covering their security. While not quite as strong companies handling payment card information also have some rules but they don't come backed with the force of law.
Ok, I didn't know about those. I will have to read up on them. Although just about anything is a step up from lead-acid batteries as the only thing they have going for them is low cost.
I don't think I would trust a person to have a large power dense always hot corrosive filled object in their house at the moment. I think most people would treat it like their water heater and when they notice a leak just have it replaced but I'm not sure that is a good thing with a sodium-sulfur batter. They would however be good a good choice for large batteries at substations, power plants, or large power consumers where they can be properly monitored and maintained. For consumers batteries like iron-nickle ones are ideal for home power storage as they can really take abuse and neglect and still work good for decades. Remember with the general population you are dealing with people who are pretty likely to have a car battery die on them because it was the original that came with the car 10 years ago and had been showing clear signs of failure for the last 3.
One of my wife's uncles lives out in the front range on 40 acres that has been in the family for generations. The problem with Californians is that they move out into the country and then bitch because there are country people out there who do country things, although this isn't limited to just Californians but seems to be urban people moving to rural areas. For my wife's uncle it is that he hunts from his back porch and has had the cops called on him because someone saw a person with a gun, for my neighbor's brother who raises hogs it is former city people complaining about the smell. Even last summer when a bunch of out of town relatives came to visit and we went up to my lake place all of the Californians flipped out because I carry a magnum class revolver when I am up there. The fact that carrying a gun is prudent in some areas because of large predators is lost on them. Everyone up there does for the same reason, the locals have had bears with cubs walking down their driveways, had the wolves run through their property, and a good number have seen the cougar that roams around there. Those relatives have never seen someone who isn't a police officer with a gun in real life and the only portrayal of non-police officers with guns has been from the movies or the local news. So naturally they believe that the gun will fire at any time if you so much as look at it the wrong way and that anyone who owns a handgun is either a want to be Dirty Harry or gang banger.
I like to tell recruiters and head hunters out there and also on the east coast that they can't afford me. They like to respond that the pay is very generous and I tell them that I am not taking a decrease in my standard of living so unless I can afford a ~2000 sq ft house on a.5 acre lot that backs up to a 14 acre wooded park where my children will be going to some of the best schools in the state that will be paid off in 9 years and I have a commute that is at most 40 minutes all while owning a multi acre lake property that is within a 2.25 hour drive that has 210 feet of shore line on a lake without a public water access that is owned outright all while saving close to 30% of my post tax income I'm not interested. Their response is that such a place doesn't exist and I tell them that it does but they won't pay me enough to afford it out there.
But we do have first amendment rights and also likely 5th amendment rights. Providing a password or pin likely is protected by both and has been ruled as such. In that situation I would have basically told them to piss off but in a much more polite fashion. It wouldn't have been the first time I have told a government agent what they don't want to hear. Then again I am a white guy with an anglicized last name who has a good job, good education, and clean background so I can get away with things like that without any real repercussions. By exercising my rights I hopefully can show others that they can do the same and also show the government agents that they don't have the power they would like to think they have.
Madrid was still faster than the US, even as a US citizen, but compared to other countries I have gone to it was slow. Maybe it was just that day but everything took forever, clearing customs, getting luggage, getting a taxi, it all took forever. The fastest customs experience that I have ever had was every time in Israel but that was because I was there for work as an official guest of the government and was able to use diplomatic line and was already cleared. By cleared I mean I had a full detailed background check performed by the Israeli government as I work on critical infrastructure for my job and they want to make sure I won't cause them problems. So Mossad has detailed information on me and people who I know and am related to. Upon exit I also got through with ease as I had special clearance and documentation so I did not get the full Q&A that everyone else does. Personally I was a bit put out as I am a security person and I would have found that a fascinating experience. I did get a glimpse of it when I was questioned about the item they had trouble scanning with the X-ray in the middle of my bag. The item in question was my old metal chassis 35mm SLR, assorted metal bodied lenses, and compact travel tri-pod.
As an American I hate going though customs in my country. I think the longest customs process I have ever been in other than the US one was when I went a Spain for business a couple of years ago. There it sucked because the Madrid airport is ultra slow at everything.
Slashdot Mirror
I fully understand that but using the brute force attack does provide a good metric by how to judge things and yes I know that in my previous statement I didn't cover more detailed attacks as no one would like to read that wall of text. In response to another user above I look a little more closely at AES-256 taking into account using a quantum computer and the best attack against it. In that case we move from stellar mass energy requirements down to something that would become fairly trivial with a complexity of about 2^50.
If losing encryption keys is going to be a problem for with crypto that strong then it is already a problem for you as you neither have an ideal classical computer operating near the limit of Landauer's Principal nor do you have the ability to consume a large fraction of the US's total annual energy consumption. The problem is with encryption is that if it is feasable for a state actor to crack it, then it is also possiable for a large criminal gang to do so in a few years, and a few years later you can do so with a device that runs on a battery that you carry in your pocket, see the image in the original article where they point out that generating MD5 hash collisions can be done on your smart phone in about 30 seconds.
The reason I want crypto that has a chance of surviving the heat death of the universe is simple. Unless you are using a One Time Pad the encryption you haven't isn't provably secure for all time. It will be attacked and the strength of it will decrease. Is my data so important that it personally needs to be kept secure until the heat death of the universe? Simple answer is no, but at the same time it is something that I would like to see stay secure for the next 50-60 years until I'm taking a dirt nap.
So now lets look at AES-256. Here we are dealing with a cipher that is in that mass energy of a star to brute force on an ideal classical computer. Now that may seem pretty damn strong, but there is a related key attack against it that brings that complexity down to 2^99.5 from 2^256. At this point we are no longer talking about star sized energy requirements but instead a sizeable portion of the total annual energy output of a a nation on an ideal classical computer. While currently infeasible further advances in cryptanalysis and quantum computing will decrease this further. So using something like Grover's algorithm we could possibly get the work down to about 2^50. At that level we have already rejected crypto standards because they are easy to defeat.
We've almost reached the limits of physics
So you mean I can have a computer that is approaching the limits ofLandauer's principle. Where does one find these mythical machines as I would love one that has the computational power of my desktop yet runs for years off of a single AA battery.
If it bleeds it leads.
has been around for a long time.
One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)
Given that k = 1.38×10^-16 erg/Kelvin, and that the ambient temperature of the universe is 3.2 Kelvin, an ideal computer running at 3.2K would consume 4.4×10^-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.
Now, the annual energy output of our sun is about 1.21×10^41 ergs. This is enough to power about 2.7×10^56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn't have the energy left over to perform any useful calculations with this counter.
But that's just one star, and a measly one at that. A typical supernova releases something like 10^51 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.
These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.
I want crypto that has a good chance of outlasting the heat death of the universe even with a quantum computer. For symmetric key crypto this means you would need somewhere around a 601 bit keyspace IIRC before you exceed the mass energy of the universe.
Sounds very practical to me. The fact that this is in the realm of being done by a wealthy individual should indicate why. Lets say you are a wealthy criminal gang go out and get your self a bunch of beefy servers and fill them with GPUs. You now can defraud banks and others at a massive scale and probably make the money back in short order. 6500 CPUs and 110 GPUs isn't all that expensive. You could probably get that for $10,000,000-$20,000,000 and next year it will cost even less to get that computational power. The fact that we aren't talking about time or energy requirements that are on the order of lifetimes of stars or the mass energy of a star should tell you that it broken. Also attacks only get better with time. It only took 4 years to go from theoretical to actual.
These things keep on progressing usually following moors law like growth. As others have pointed out 1TB ones are available but they are expensive. My rule is that I will pay about $20 for a flash card or thumb drive which means now I can get a 64GB uSD card for just under $20, a 64GB USB 3.0 thumb drive for about $16, or a 64 GB USB OTG drive for about $20. Some time in the next 16 months I should be able to get 128 GB drives at those price points, and in 18 months after that 256GB drives. If I wanted I could get a 256GB USB 3.0 thumb drive now for about $55 or a 128GB uSD card for about $40. So give it a few more years (3-5 would be a good guess) and the miracle of smart engineers will deliver what you want at a reasonable price.
I've thought about doing a similar thing to this to defeat ALPRs but it seems that most of these methods don't take it far enough. most of them are trying to get some bleed into the surrounding area of the sensor. A few watts of power draw is nothing which is what most of these attempts do, I'm thinking like 100W power draw for each license plate. I'm looking for this effect but in the IR. So instead of trying to create lens flare I want to massively underexpose the image. In this case I may also get some massive lens flare as well but that isn't what I would have been shooting for. Also using some LEDs like these would be good as they are far enough into the IR that they don't have the red glow that others do.
Giuliani was just converting all the servers to a five-year-old version of Joomla.
So a massive modernization then.
How about a Ron Wyden and a Ron Paul.
don't you know you are suppose to recycle your used motor one quart at a time and the used filter gets its own trip as well. Same things with CFLs and use alkaline batteries. Each one gets its own special trip to the recycling center.
All joking aside I do a similar thing you do. I have a few bins and containers in the garage that hold all the shit I'm not suppose to toss in the trash or single stream curbside recycling and when I run out of storage I make a trip over to the county recycling center. On the way I stop by my in-laws house and pick up anything they want to get rid of and also stop by my mom's house and do the same as they are all on the way. I make the run a couple of times a year and it is only like a 15 mile drive there an back. And before anyone says what I am doing is illegal my in-laws and mother live in the same county as I do so their crap is allowed to go to that recycling center as well.
I always like my county's recycling center. When ever I go there I check to see what they have for deck stain and solvents as nothing beats getting free solvents if you clean parts or do lots of wood finishing. Add in that over the years I have gotten 3 unopened gallons of the deck stain I use and it is great. They will take all of the toxic crap, even coolant poisoned motor oil, and if you can use something you can take it.
The city cleanup events are also another great place to find quality trash. I told my uncle, who is a garbage man who works a number of these, to keep an eye out for a nice larger cast iron wood stove for when I finally build a cabin on my lake property. He usually sees one about every 3-5 years so I have a pretty good chance of getting one when I need it for free.
Apparently you don't understand the concept of reasonable and prudent. No one ever said following rules, regulations and guidelines ensures you are secure but so long as what you are doing is reasonable, prudent and also at the very minimum the industry best practices you wouldn't have to worry about being sued. Granted anyone can sue anyone for fun and profit but by taking reasonable and prudent actions usually defined as a minimum of industry best practices you can avoid losing the lawsuit. A zero day exploit that is used to carry out an attack is entirely possible but is not negligence. An exploit that is 5 years old with a patch has been available for 4 years 11 months and mitigating measures available for 5 years that is used to attack a system that has not been patched and taken mitigating actions is negligence as it would be reasonable and prudent in that time to take appropriate measures to resolve the vulnerability. Where you run into some grey area is there is an exploit that was recently disclosed and a patch or mitigating measures are available. On day 1 of the disclosure it isn't reasonable or prudent to deploy those to productions systems, but at what point is it reasonable and prudent to have done so. In this case regulations like NERC CIP provide a definition of what is a reasonable time so that covered entities can fully test and evaluate changes before applying them to a production system.
Additionally good security regulations and rules will employ the defense in depth principle which will help to mitigate problems if a vulnerability is discovered. Furthermore good regulations require some form of continuous monitoring of the system looking for issues and strange traffic, files, and/or behavior. So you have network firewalls, NIDS/NIPS devices, segmented LANs, host based firewalls, HIDS, a patch management program, following a security benchmark for the host and applications, practice least privileges, have minimal software installed on the host, have a tool scanning your network looking for new devices, have a vulnerability scanner scanning devices and hosts on your network, etc. all provide a good defense and provide multiple layers to stop and detect attacks in different ways. Sadly this cost money and doesn't show a return on the bottom line so it is seen as only a cost center, until there is a breach, so companies don't want to spend on doing what is needed.
Depends on the industry. The companies that handle the bulk electric grid in the the US and Canada do have rules and regulations covering their security. While not quite as strong companies handling payment card information also have some rules but they don't come backed with the force of law.
Because mammoth steaks probably taste delicious. Why do you think they were hunted before.
That is only because you haven't eaten good ones.
Ok, I didn't know about those. I will have to read up on them. Although just about anything is a step up from lead-acid batteries as the only thing they have going for them is low cost.
I don't think I would trust a person to have a large power dense always hot corrosive filled object in their house at the moment. I think most people would treat it like their water heater and when they notice a leak just have it replaced but I'm not sure that is a good thing with a sodium-sulfur batter. They would however be good a good choice for large batteries at substations, power plants, or large power consumers where they can be properly monitored and maintained. For consumers batteries like iron-nickle ones are ideal for home power storage as they can really take abuse and neglect and still work good for decades. Remember with the general population you are dealing with people who are pretty likely to have a car battery die on them because it was the original that came with the car 10 years ago and had been showing clear signs of failure for the last 3.
One of my wife's uncles lives out in the front range on 40 acres that has been in the family for generations. The problem with Californians is that they move out into the country and then bitch because there are country people out there who do country things, although this isn't limited to just Californians but seems to be urban people moving to rural areas. For my wife's uncle it is that he hunts from his back porch and has had the cops called on him because someone saw a person with a gun, for my neighbor's brother who raises hogs it is former city people complaining about the smell. Even last summer when a bunch of out of town relatives came to visit and we went up to my lake place all of the Californians flipped out because I carry a magnum class revolver when I am up there. The fact that carrying a gun is prudent in some areas because of large predators is lost on them. Everyone up there does for the same reason, the locals have had bears with cubs walking down their driveways, had the wolves run through their property, and a good number have seen the cougar that roams around there. Those relatives have never seen someone who isn't a police officer with a gun in real life and the only portrayal of non-police officers with guns has been from the movies or the local news. So naturally they believe that the gun will fire at any time if you so much as look at it the wrong way and that anyone who owns a handgun is either a want to be Dirty Harry or gang banger.
I like to tell recruiters and head hunters out there and also on the east coast that they can't afford me. They like to respond that the pay is very generous and I tell them that I am not taking a decrease in my standard of living so unless I can afford a ~2000 sq ft house on a .5 acre lot that backs up to a 14 acre wooded park where my children will be going to some of the best schools in the state that will be paid off in 9 years and I have a commute that is at most 40 minutes all while owning a multi acre lake property that is within a 2.25 hour drive that has 210 feet of shore line on a lake without a public water access that is owned outright all while saving close to 30% of my post tax income I'm not interested. Their response is that such a place doesn't exist and I tell them that it does but they won't pay me enough to afford it out there.
But we do have first amendment rights and also likely 5th amendment rights. Providing a password or pin likely is protected by both and has been ruled as such. In that situation I would have basically told them to piss off but in a much more polite fashion. It wouldn't have been the first time I have told a government agent what they don't want to hear. Then again I am a white guy with an anglicized last name who has a good job, good education, and clean background so I can get away with things like that without any real repercussions. By exercising my rights I hopefully can show others that they can do the same and also show the government agents that they don't have the power they would like to think they have.
The question:
What difference does it make?
Madrid was still faster than the US, even as a US citizen, but compared to other countries I have gone to it was slow. Maybe it was just that day but everything took forever, clearing customs, getting luggage, getting a taxi, it all took forever. The fastest customs experience that I have ever had was every time in Israel but that was because I was there for work as an official guest of the government and was able to use diplomatic line and was already cleared. By cleared I mean I had a full detailed background check performed by the Israeli government as I work on critical infrastructure for my job and they want to make sure I won't cause them problems. So Mossad has detailed information on me and people who I know and am related to. Upon exit I also got through with ease as I had special clearance and documentation so I did not get the full Q&A that everyone else does. Personally I was a bit put out as I am a security person and I would have found that a fascinating experience. I did get a glimpse of it when I was questioned about the item they had trouble scanning with the X-ray in the middle of my bag. The item in question was my old metal chassis 35mm SLR, assorted metal bodied lenses, and compact travel tri-pod.
As an American I hate going though customs in my country. I think the longest customs process I have ever been in other than the US one was when I went a Spain for business a couple of years ago. There it sucked because the Madrid airport is ultra slow at everything.