CryptoParty: like a Tupperware party for learning crypto

CryptoParty is a global movement for people who want to teach their neighbors how to use cryptography to protect themselves from snoopers, especially broad government surveillance. It was kicked off by @Asher_Wolf in response to the broad, sweeping Australian Internet surveillance bill, and involves throwing parties where folks who know how to use disk encryption, email encryption, and similar projects teach their neighbors to use them too.

There's a crowdsourced book -- "The CryptoParty Handbook," 400+ pages written in less than 24 hours by activists all over the world -- and other instructional materials to help you get started.

What is CryptoParty? Interested parties with computers, devices, and the desire to learn to use the most basic crypto programs and the fundamental concepts of their operation! CryptoParties are free to attend, public, and are commercially non-aligned.

CryptoParty (via Techdirt)



  1. Great blog posting, and for another great book (and believe me, I don’t normally recommend Forbes’ staff writers):

    Andy Greenberg’s This Machine Kills Secrets -- truly stupendous!

    1. Jacob Appelbaum’s response is worrisome. As one of the key people behind the TOR Project, he’s an expert on the subject. I hope he goes into more detail on his criticisms.

      I had been thinking about whether I could help organize a key signing party or something of the sort for local people in Friends of Wikileaks. I’d been distressed to find that none of the people I’ve heard from through have PGP/GPG keys registered, which is disappointing, given that the site emphasizes security and privacy in connecting people to begin with, and suggests posting a PGP public key in your profile. I’m no expert on security, but I’m trying to learn.

      So organizing a CryptoParty would have seemed like just the thing to do. Except that there’s that worrying note from Appelbaum.

        1. Yes, that was informative. It sounds as if the text is imperfect, but nothing that can’t be significantly improved in a second draft.

          Also, it looks like there’s a scheduled CryptoParty coming up soon, and I expect that it will involve people who know what they’re talking about.

        2. The threads are really interesting. Thanks for setting the pointer. Hope Jacob really forks it, or finds another way to contribute in his own way.

  2. You know, Cory, people always talk about crypto like it’s secure, which is deceptive to the young, and gives them a false sense of confidence.

    It is relatively secure, and decrypting is a matter of how badly someone wants to decrypt it.

    Encryption is a great way to keep things private from the average person, but to someone seeking secrets it is merely a sign of where some may be, and decrypting is usually just a matter of time and money and processor power, and far less than one might imagine, where not just a process of using a back door.

    I would like to see more discussion of how secure crypto is NOT, and how easy it is for anyone who is determined to crack even “strong” encryption algorithms.

    By leading the young to imagine that so-called “strong encryption” is hard for those with supercomputers and/or legislated back doors to crack, they are given a false sense of security which is counter-productive to their needs and intentions and comprehension of the limits of the relative security afforded by “strong encryption”.

    As a rule, I consider encryption to be a good way to protect data from other commonplace and “unauthorized” people, while bearing in mind that authorities have made themselves authorized people, and that cracking encryption, while comparable to rocket science, is still just science, and not hard for those with the resources to accomplish.

    1.  Sorry, this is just wrong. Assuming a modern cipher, a reasonable keylength, and a well-chosen key/passphrase, crypto is unbreakable in human (or geological) timescales, assuming no major breakthroughs in quantum computing or factoring the products of long primes.

      The weaknesses of crypto are:

      * Bad implementations

      * Bad keyphrases

      * “Rubber hose cryptanalysis” (beating people up for their keys)

      * Keyloggers/hidden cameras/rootkits

      But not brute-force attacks on ciphertexts. It’s trivial to use an off-the-shelf PC to encrypt data to the point where it would take all the compute power on the planet billions of years to decrypt it (again, assuming a good implementation and no unforeseen advances in quantum computing or prime-product factoring).

      1. Thanks for this clear and important comment, Cory.

        Could you get Jacob to elaborate on the above-quoted tweet? I’m even thinking about linking the handbook to colleagues, and trying to promote e-mail encryption.

        Just BTW: I came across a lot of weird things considering the acceptance of crypto in a private environment, but I was really surprised when I was informed by a close friend working for an aerospace institution that they are discouraged from using encryption. I mean, they are planning and launching satellites, developing stuff which gets patented and whatnot!

        1. It may be because of the balance between the benefits (added secrecy, which can be suboptimal if there’s a mistake in implementation or procedure), and costs (added work, added need to audit procedures so the work makes sense, possible trouble with data recovery – leaked data may be the less costly option than lost data).

          1. Hm, I somehow doubt it. I mean, they are responsible for constructing parts of the ISS and don’t even sign their mails. What could possibly go wrong if someone has a real interest in fucking things up, badly? SCADA is a joke compared to that.
