Concepts in Crypto

Parker Higgins [email protected] @xor PGP: 4FF3 AA1B D29E 1638 32DE C765 9433 5F88 9A36 7709

Micah Lee [email protected] @micahflee PGP: 5C17 6163 61BD 9F92 422A C08B B4D2 5A1E 9999 9697

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Who We Are

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Fighting for Crypto Rights

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Crypto Terminology ● ● ● ● ●

Plaintext Key Ciphertext Public Key Crypto Symmetric Crypto

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Open Source Crypto ●





How your crypto works should not be a secret The only secret should be the key Through these covert partnerships [with tech companies], the agencies [like NSA] have inserted secret vulnerabilities – known as backdoors or trapdoors into commercial encryption software. - The Guardian

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Threat Modeling

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Types of Encryption ●

Transport encryption –



End to end encryption –



HTTPS, when connecting to websites PGP, Off-the-Record

Disk encryption – – –

TrueCrypt FileVault LUKS

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Diffie-Hellman Key Exchange

How is it possible for two people to come up with a shared crypto key when everything is being spied on?

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

PGP: Pretty Good Privacy ●



Originally written by Phil Zimmermann in 1991 for anti-nuclear weapons activists Keys are split into two halves: – –



With a public key you can: – –



Public key (share it widely) Secret key (keep it secret, keep it safe) Encrypt messages that can only be decrypted with the associated secret key Verify signatures that that were signed with the associated secret key

With a secret key you can: – –

Decrypt messages that were encrypted with the associated public key Digitally sign messages

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

PGP in Practice ●





GnuPG: open source implementation of OpenPGP (you shouldn't use the proprietary program called PGP) Thunderbird: a desktop email client, you can use it to check your email Enigmail: Thunderbird addon that adds OpenPGP functionality

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

HTTPS ● ●



You already use it every day! End-to-end encryption between your browser and the website's server Install HTTPS Everywhere! https://www.eff.org/https-everywhere

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Man in the Middle Attacks (Woman in the Way?)

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Certificate Authorities (CAs) ●







When you load an HTTPS website it gives you its certificate, which includes its public key Your web browser uses this public key to initiate a secure session What if there's a MITM attack and you get a malicious public key instead?! CAs are companies whose job is to verify that the public key you get is valid

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Certificate Authorities (CAs)

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Mix Networks

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Anonymous Remailers

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Tor: The Onion Router

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Tor: The Onion Router

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Tor: The Onion Router

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Tor is Easy to Use

Download the Tor Browser from: https://www.torproject.org/

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Use Crypto Today Off-the-Record IM Encryption ●







End-to-end encryption chat over any existing service (Google Talk, Facebook, Jabber, AOL, etc.) Windows & Linux: Pidgin and OTR plugin https://pidgin.im/ https://otr.cypherpunks.ca/ Mac: Adium https://adium.im/ iOS, Android: ChatSecure

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Use Crypto Today Full Disk Encryption ●



● ● ●

If you leave your laptop on the bus, your can still remain safe! Windows: TrueCrypt, BitLocker http://www.truecrypt.org/ Mac: FileVault (built-in) Linux: LUKS (built-in) Newer versions of Android (built-in)

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Learn More ●





EFF's Surveillance Self-Defense Guide: https://ssd.eff.org/ Security in a Box: https://securityinabox.org/ Encryption Works: https://pressfreedomfoundation.org/encrypt ion-works

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Thank You!

Parker Higgins [email protected] @xor PGP: 4FF3 AA1B D29E 1638 32DE C765 9433 5F88 9A36 7709

Micah Lee [email protected] @micahflee PGP: 5C17 6163 61BD 9F92 422A C08B B4D2 5A1E 9999 9697

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Concepts in Crypto - GitHub

to check your email. ○. Enigmail: Thunderbird addon that adds OpenPGP ... you its certificate, which includes its public key ... iOS, Android: ChatSecure ...

616KB Sizes 3 Downloads 157 Views

Recommend Documents

Boost.Generic: Concepts without Concepts - GitHub
You Tell Me ... auto operator -( L lhs, R rhs ) -> decltype( lhs + -rhs ) ... In these tables, T is an object or reference type to be supplied by a C++ program.

1499589342742-crypto-invest-for-crypto-invest-all-for-critique-alex ...
... Positioned HimselfAs AnExpert OnCryptocurrencyTrading. Page 2 of 2. 1499589342742-crypto-invest-for-crypto-invest-all-for-critique-alex-fortins-bitcoin.pdf.

OMD - Crypto competitions
August 25, 2015. Summary ..... In summary,. 6 ...... We note that when the message is empty then OMD acts almost the same as. XMACC on the associated data.

Joltik v1.3 - Crypto competitions
Aug 28, 2015 - for unique nonces, we obtain birthday-bound security (not an online .... In this section, we provide the high-level description of our proposal. Joltik uses ...... Volume 6110 of Lecture Notes in Computer Science., Springer (2010).

Deoxys v1.3 - Crypto competitions
Aug 28, 2015 - School of Physical and Mathematical Science, ... security for unique nonces, we obtain birthday-bound security (not an online nonce-misuse.

SILC - Crypto competitions
Aug 29, 2015 - operation for authenticated encryption with associated data (AEAD), which is also called an ... Also we assume the big-endian format for all variables. ..... With respect to the security, SILC inherits the advantages of CLOC over GCM.

Deoxys v1.3 - Crypto competitions
Aug 28, 2015 - tweak inputs of all the tweakable block cipher calls are all unique. ..... defined in a standard way for tweakable ciphers, i.e. EK(T,P) = C and E.

Crypto Vault White Paper.pdf
... get to the exact currency you want. That process gets. even more difficult when you're trying to do it from your phone. By integrating with all of the major. exchanges, Crypto Vault will be able to take care of all of those exchanges at the push

(Crypto currencies) PDF Full book
Aug 9, 2017 - up your wallet, the best apps for mobile devices, and how to buy your first bitcoins. We'll start ... Build Your Own Web. WalletKnow How to Buy.

DEFCON Crypto & Privacy Village Schedule -
Eva Galperin, EFF. 13:30. Setting Up Your Own Self-Hosted Encrypted Email. Justin Culbertson ... E-Zpass Non-Toll Tag Tracking. Puking Monkey. 17:30. 18:00.

DEFCON Crypto & Privacy Village Schedule -
Setting Up Your Own Self-Hosted Encrypted Email. Justin Culbertson. 14:00. Shattering Your Secrets: ... Puking Monkey. 17:30. 18:00. CLOSE UP. SATURDAY.