#Syracuse #CryptoParty @SIG315
Presentation by @MarkScrano
What is a CryptoParty?
• CryptoParties are meetups to share and learn basic cryptographic tools such as PGP/GPG, Tor, OTR, TrueCrypt, etc. At CryptoParty, we teach, learn and share.
CypherPunk Manifesto
• Protecting our data, information and privacy is of vital importance, particularly on the internet. We variously lock up and otherwise protect physical objects such as cars, houses and credit cards. But how do we secure our electronic data? How do we protect ourselves on the internet? And how do we know whom to trust, and to what degree?
• Privacy is necessary for an open society in the electronic age. Privacy is not secrecy. A private matter is something one doesn't want the whole world to know, but a secret matter is something one doesn't want anybody to know. Privacy is the power to selectively reveal oneself to the world.
Hashing vs. Encrypting
Hashing
• Fixed length digest
• Can have collisions
• Examples:
– MD5
– SHA-0, -1, -2, -3
• What is it used for?
– Checksums
– Integrity validation
– Digital signatures
Encryption
• Variable length output
• Ciphertext
• Examples:
– AES
– Blowfish
– 3DES
• What is it used for?
– Confidentiality
– Security (layered model)
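An added example, not code from the slides, showing the two hashing points above with Python's standard hashlib: the digest length is fixed by the algorithm regardless of input size, and a checksum catches even a one-bit change (the sample inputs and the tampering step are constructed here).

```python
import hashlib
import hmac
import os

# Constructed sample inputs of very different sizes (not from the slides).
SAMPLES = {
    "short": b"hi",
    "medium": b"The CryptoParty handbook is on GitHub.",
    "large": os.urandom(64 * 1024),  # 64 KiB of random bytes
}

def digest_lengths(algorithm="sha256"):
    """Hash every sample; the digest length depends only on the algorithm,
    never on the size of the input (the 'fixed length digest' point)."""
    return {name: len(hashlib.new(algorithm, data).digest())
            for name, data in SAMPLES.items()}

def checksum(data, algorithm="sha256"):
    """Hex checksum of the kind published next to a download."""
    return hashlib.new(algorithm, data).hexdigest()

def verify_checksum(data, expected_hex, algorithm="sha256"):
    """Integrity validation: recompute the digest of what was actually
    received and compare it to the published value in constant time."""
    return hmac.compare_digest(checksum(data, algorithm), expected_hex.lower())

def flip_one_bit(data, byte_index=0):
    """Tamper with a single bit, the smallest possible modification."""
    altered = bytearray(data)
    altered[byte_index] ^= 0x01
    return bytes(altered)

def bits_changed(hex_a, hex_b):
    """Number of differing bits between two hex digests of the same algorithm."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

if __name__ == "__main__":
    original = SAMPLES["medium"]
    published = checksum(original)
    print("digest lengths:", digest_lengths())
    print("intact:", verify_checksum(original, published))
    tampered = flip_one_bit(original)
    print("tampered:", verify_checksum(tampered, published))
    print("bits changed in digest:", bits_changed(published, checksum(tampered)))
```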
SSL and TLS
• SSL & TLS provide a form of encryption.
• Helps protect data in transit.
• Tools
– Firefox: NoScript, HTTPS Everywhere
– Chrome: Use HTTPS, HTTPS Everywhere, --force-https (no http)
– Safari: SSL Everywhere
Tor and I2P
• The Onion Router
• Defend against surveillance
– Additional privacy (IP)
– Confidential relationships
– Reduce efforts to perform traffic analysis
• Hidden services (.onions)
• Invisible Internet Project
• Anonymous web
– End to end encryption
– Eepsites
• Tails Linux live CD has both securely configured and hardened
VPN
• Add a layer of encryption to unsecured websites
• Protect from wifi sniffing on open networks
• IP anonymity
• Get a free/very low cost VPS from Amazon EC2 and run OpenVPN
PGP & GPG
• Email Security
• Email is sent plaintext
• Can be forged/altered
• Who do we trust and how can we protect our data?
– Public/Private Keys
– Public Key Servers
– Sign email for integrity
– Encrypt email for confidentiality
• Applications:
– Kleopatra
– Enigmail (Thunderbird)
– APG (Android)
OTR
• Off-the-record chat
– Encryption
– Authentication
– Deniability
– Forward Secrecy
• Examples:
– XMPP/Jabber
– Pidgin OTR
– CryptoCat
Android
• PGP/GPG:
– APG (K9 Mail & file manager required)
• OTR:
– Gibberbot
• SMS and MMS:
– TextSecure
• TOR:
– OrBot Tor on Android
– OrWeb Proxy and Privacy Browser
• Voice:
– Redphone
• VPN:
– Some built in functions
– OpenVPN requires Root
iPhone
• OTR:
– ChatSecure
• PGP/GPG:
– oPenGP (lite or $3.99)
– Symantec PGP Viewer (no sending function)
• TOR:
– Onion Browser ($.99)
• VPN:
– Many vendor/service specific options
TrueCrypt
• Full Disk and Volume Encryption
• Automatic, Realtime, User transparent
• Provides Confidentiality and offers the ability to include Steganography to create hidden volumes.
Hard Drive Encryption
• Windows – EFS (Encrypting File System)
• Linux – LUKS (Linux Unified Key Setup)
• Mac OS – FileVault
Password protections
• Steve Gibson from GRC
• Password Haystacks
– How secure is your password?
• Off the Grid
– Creates a grid to generate unique secure passwords for use online
• Perfect Paper Passwords
– One time password implementation
Password Managers
• LastPass
• KeePass
• Secure storage of passwords
• Password generators
• Plugins for all major browsers and smartphones
Two Factor Authentication
• Something you know, something you have, something you are.
• Examples
– Google Authenticator
– SMS to phone
– RSA Tokens
– Yubikey
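An added example, not code from the slides, of what a Google Authenticator style app computes for the "something you have" factor: HOTP and TOTP as specified in RFC 4226 and RFC 6238, plus the server-side check with a drift window. The seed is the RFC test vector, not a real account secret.

```python
import base64
import hashlib
import hmac
import struct

def hotp(secret, counter, digits=6, algorithm=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then
    'dynamic truncation' of 4 bytes at an offset taken from the last nibble."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (what the authenticator app displays): the HOTP counter
    is the number of 30-second steps since the Unix epoch."""
    return hotp(secret, int(unix_time) // step, digits)

def verify_totp(secret, code, unix_time, step=30, window=1):
    """Server-side check. Accepts codes from the neighbouring +-window steps
    to tolerate clock drift and compares in constant time."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, unix_time + drift * step, step)
        if hmac.compare_digest(candidate, code):
            return True
    return False

def secret_from_base32(encoded):
    """The seed scanned from the enrolment QR code is base32; accept the
    spaced or lower-case form apps show to users and restore padding."""
    cleaned = encoded.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)

if __name__ == "__main__":
    # RFC 4226/6238 test seed (ASCII "12345678901234567890"), not a real secret.
    seed = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    print("code at T=59:", totp(seed, 59))  # 287082
    print("accepted:", verify_totp(seed, totp(seed, 59), 59))
```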
Research
• Cryptology ePrint Archive
– Current research and breakthroughs in Cryptography
• Cryptoparty handbook
– Work in progress
– On GitHub
Resources
• http://cryptoparty.org/
• https://svn.torproject.org/svn/projects/presentations/ - TOR Presentation SVN
• http://crypto.stackexchange.com/ - Q&A Site
• https://cacr.uwaterloo.ca/hac/ - Handbook of Applied Cryptography
• http://www.cypherpunks.ca/otr/ - OTR Chat
• http://support.microsoft.com/kb/308989 - EFS Windows XP
• http://windows.microsoft.com/en-US/windows-vista/Encrypt-or-decrypt-a-folder-or-file - EFS Vista & 7
• http://support.microsoft.com/kb/241201 - Certificate backup XP
• http://windows.microsoft.com/is-IS/windows-vista/Back-up-Encrypting-File-System-EFS-certificate - Certificate backup Vista & 7
• https://www.grc.com/haystack.htm - Password Haystacks
• https://www.grc.com/OffTheGrid.htm - Off the Grid GRC
• https://www.grc.com/ppp.htm - Perfect Paper Passwords
• https://github.com/cryptoparty/handbook - Cryptoparty Handbook
• https://www.coursera.org/crypto/auth/welcome - Cryptography at Stanford University