Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Introduction to Cryptography, PGP and disk encryption
Transcript of Introduction to Cryptography, PGP and disk encryption
What is a #CryptoParty?
They are events for interested parites "the most basic crypto programs and the fundamental concepts of their operation!"
Gonna assume most people are
using Windowz :(
Disk encryption software.
Friday 28th September 2012
(PGP: 0x5064B083 AEC10762 )
Hosted by DU Pirate Party
CryptoParties allow us to teach, learn and share basic crypto tools
CryptoParties are free to attend, public, and are commercially non-aligned.
"Privacy is the power to selectively reveal oneself to the world."
- Cypherpunk Manifesto, 1993.
Why is cypto need?
Online privacy is impossible without cryptographic tools. Unfortunately most crypto tools can be non-user friendly and difficult to get started with.
Crypto is necessary for privacy in the digital age. Privacy isn't secrecy.
We currently live in a country with extensive DNS monitoring.
Why crypto is needed?
By the end of this cryptopsrty you should have a better idea of the privacy risks online.
What we hope to achieve
Eircom are currently blocking "The Piratebay by court order. To enable this they are intercepting DNS trafffic which is then filtered to block TPB
Online advertising companies such as Google and Facebook are reliant on building vast profiles based on your online activities.
Every page you view which uses Google Analytics or has a "Like" button is potentially recording and tracking your online activity.
You should be able to:
Understand the basic concepts of cryptography
Set up PGP encryption keys, send, receive and check message signatures securely
Understand the basics of disk encryption and setting up LUKS/TrueCrypt.
Using Tor/VPN's for anonymity and privacy online - covered later by @thomaskerin
They are not lectures, the talks will
be quick introductions.
Primarily we will be helping one another set up these basic crypto tools and hopefully have some fun while we are at it.
Cryptography is Dangerous
The theory behind cryptography is solid and proven
Unfortunatly its all to easy to make mistakes. The software might not implement the crypto correctly.
Crypto can give a false sense of security
All issues from human error such as not securely removing original message after encryption
Use strong passphrases
Know your adversary?
Privacy from online advertisers requires a different level of precautions and security when compared with journalists and activists working under repressive regimes
If possible use a phrase or sentence with the addition of some special characters
Don't use short passwords and NEVER write them down!
Classes of Cryptography
cryptography uses one key for encryption and decryption
a pair of keys. A public key for encryption and a private key for decryption
PGP / GPG Encryption
PGP (Pretty Good Privacy) is an example of asymetric encryption
Software implementing the PGP algorithm alllow you to encrypt, decrypt and digitally sign messages.
You share your public key with everyone. When a message is encrypted with your public key, only you, with the corresponding private
key will be able to decrypt it.
What does a key look like?
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP PUBLIC KEY BLOCK-----
Sharing your Pub Key
Public key crypto works best when your key is very public.
Its easier for people to find your key and initiate private communications
There are public keyservers on the internet where you can submit your key and find others key by searching for there name or email
Public key crypto depends on your private key being kept priavte!
If it gets compromised by a malware infection or bad physical security of your devices, all your private communications can be compromised an adversery!
PGP has a lack of "forward-secrecy". An adversary able who can monitor your encrypted communications and subsequently compromises your private key via theft or subpoena will be able decrypt your messages!
PGP can be used to sign and protect data from being altered
A special crypto function can be run on data to genrate a "signature"
This signature is created with authors private key. Anyone with their public key can then confirm the data matches the signiture and is unaltered
Very useful! We will verify downloads
with this method later.
The OTR protocol eliminates the forward-secrecy problem.
A unique session key is generated for each IM conversation and it is destroyed at its end.
A powerful adversary will not be able to retroactively decrypt intercepted encrypted messages
Unfortunately crypto alone cannot protect you from adversary who presents threats of detention and/or torture
IM plugin available
Also important to protect your data on disk as well as in communication
There are a number of well reviewed, open source, asymmetric disk encryption tools available such as TrueCrypt and LUKS
More on these later!
Feeling a bit lost?
Crypto theory and all the potential pitfalls can be overwhelming. But it is pretty easy to get started!
https://www.gpgtools.org/ - OSX
http://www.gpg4win.org/ - Windows
Its important to ensure your download is valid and is not backdoored or compromised.
This can be done via the use of hash check-sums. The file data is passed through a special mathematical function, the result, a hash will be very different even if there is only a small change in the original file
You can compare your download with checksums on source site.
There are numerous utilities available to perform hash calculations
Generating GPG Key Pairs
1. Send a PGP encrypted message to someone at the #cryptoparty.
2. Decrypt a message sent to you
Click File -> New Certificate
Create a personal OpenPGP key pair.
Thanks to Khan Academy for the video
It is very important to secure your private key with a strong passphrase!
Create your key
Once your key pair is created its now time to export your public key to a keyserver.
People can now send you encrypted, private emails! Good job!
Send an encrypted
First you need to import the recipient's public key.
File -> Lookup Certificate on Server
Should be possible to find recipient by their email.
Once key is imported you can encrypt a message from text file.
File -> Sign / Encrypt Files
Sign & Encrypt
Select "Text Output"
#gpg -a --export <key id OR email>
GPG for Linux
#gpg --import keyfile.asc
#gpg --edit-key <key id OR email> > sign
Truecrypt and LUKS allow you to encrypt files, partitions or total physical drives.
Truecrypt offers complete encryption where a passphrase must be entered before the system will boot.
Truecrypt also offers hidden volumes
These provide plausable deniability
You can have a encrypted volume which contains non-sensitive data. You can place a hidden volume inside of it which contains your sensitive information.
You can provide outer volume password and adversary cannot prove there is more information
Can be very useful!!
I hope some people found this useful. Now go and spread crypto, teach someone else!
@thomaskerin will be talking next about Tor, VPN's and connection security