Concepts in Crypto

Parker Higgins [email protected] @xor PGP: 4FF3 AA1B D29E 1638 32DE C765 9433 5F88 9A36 7709

Micah Lee [email protected] @micahflee PGP: 5C17 6163 61BD 9F92 422A C08B B4D2 5A1E 9999 9697

ELECTRONIC FRONTIER FOUNDATION

https://www.eff.org

Who We Are

Fighting for Crypto Rights

Crypto Terminology

● Plaintext
● Key
● Ciphertext
● Public Key Crypto
● Symmetric Crypto

Open Source Crypto

● How your crypto works should not be a secret
● The only secret should be the key
● Through these covert partnerships [with tech companies], the agencies [like NSA] have inserted secret vulnerabilities – known as backdoors or trapdoors into commercial encryption software. - The Guardian

Threat Modeling

Types of Encryption

● Transport encryption
  – HTTPS, when connecting to websites
● End to end encryption
  – PGP, Off-the-Record
● Disk encryption
  – TrueCrypt
  – FileVault
  – LUKS

Diffie-Hellman Key Exchange

How is it possible for two people to come up with a shared crypto key when everything is being spied on?
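
An added example, not part of the original slides: a minimal Diffie-Hellman exchange showing that both sides derive the same key while the wire carries only p, g and the two public values. The 127-bit modulus, the base 3 and the names Party and run_exchange are assumptions chosen for illustration; real deployments use standardized 2048-bit or larger groups, or elliptic curves.

```python
import hashlib
import secrets

# Toy public parameters (constructed for this example): a 127-bit Mersenne
# prime and a small base. Far too weak for real use; deployments use
# standardized 2048-bit+ groups or elliptic curves such as X25519.
P = 2**127 - 1
G = 3


class Party:
    def __init__(self, name):
        self.name = name
        # Private exponent in [2, P-2]; it never leaves this object.
        self._secret = 2 + secrets.randbelow(P - 3)
        # Public value: safe to send over a monitored channel.
        self.public = pow(G, self._secret, P)

    def derive_key(self, peer_public):
        # Reject degenerate values (0, 1, P-1, >= P) that would force a
        # predictable shared secret.
        if not 2 <= peer_public <= P - 2:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self._secret, P)
        # Hash the shared number into a fixed-size symmetric key.
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def run_exchange():
    alice, bob = Party("alice"), Party("bob")
    # Everything in `wire` is what an eavesdropper records.
    wire = {"p": P, "g": G, "A": alice.public, "B": bob.public}
    k_alice = alice.derive_key(wire["B"])
    k_bob = bob.derive_key(wire["A"])
    return wire, k_alice, k_bob


if __name__ == "__main__":
    wire, k_alice, k_bob = run_exchange()
    print("eavesdropper sees:", sorted(wire))
    print("keys match:", k_alice == k_bob)
```

The exchange alone does not tell either side who sent the public value it received, which is the gap the later slides on man-in-the-middle attacks and certificate authorities address.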

PGP: Pretty Good Privacy

● Originally written by Phil Zimmermann in 1991 for anti-nuclear weapons activists
● Keys are split into two halves:
  – Public key (share it widely)
  – Secret key (keep it secret, keep it safe)
● With a public key you can:
  – Encrypt messages that can only be decrypted with the associated secret key
  – Verify signatures that were signed with the associated secret key
● With a secret key you can:
  – Decrypt messages that were encrypted with the associated public key
  – Digitally sign messages

PGP in Practice

● GnuPG: open source implementation of OpenPGP (you shouldn't use the proprietary program called PGP)
● Thunderbird: a desktop email client, you can use it to check your email
● Enigmail: Thunderbird addon that adds OpenPGP functionality

HTTPS

● You already use it every day!
● End-to-end encryption between your browser and the website's server
● Install HTTPS Everywhere! https://www.eff.org/https-everywhere

Man in the Middle Attacks (Woman in the Way?)

Certificate Authorities (CAs)

● When you load an HTTPS website it gives you its certificate, which includes its public key
● Your web browser uses this public key to initiate a secure session
● What if there's a MITM attack and you get a malicious public key instead?!
● CAs are companies whose job is to verify that the public key you get is valid

Mix Networks

Anonymous Remailers

Tor: The Onion Router

Tor is Easy to Use

Download the Tor Browser from: https://www.torproject.org/

Use Crypto Today: Off-the-Record IM Encryption

● End-to-end encrypted chat over any existing service (Google Talk, Facebook, Jabber, AOL, etc.)
● Windows & Linux: Pidgin and OTR plugin https://pidgin.im/ https://otr.cypherpunks.ca/
● Mac: Adium https://adium.im/
● iOS, Android: ChatSecure

Use Crypto Today: Full Disk Encryption

● If you leave your laptop on the bus, you can still remain safe!
● Windows: TrueCrypt, BitLocker http://www.truecrypt.org/
● Mac: FileVault (built-in)
● Linux: LUKS (built-in)
● Newer versions of Android (built-in)

Learn More

● EFF's Surveillance Self-Defense Guide: https://ssd.eff.org/
● Security in a Box: https://securityinabox.org/
● Encryption Works: https://pressfreedomfoundation.org/encryption-works

Thank You!

Parker Higgins [email protected] @xor PGP: 4FF3 AA1B D29E 1638 32DE C765 9433 5F88 9A36 7709

Micah Lee [email protected] @micahflee PGP: 5C17 6163 61BD 9F92 422A C08B B4D2 5A1E 9999 9697
