
CryptoParty: like a Tupperware party for learning crypto

Cory Doctorow at 10:00 am Fri, Oct 12, 2012


Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 


CryptoParty is a global movement for people who want to teach their neighbors how to use cryptography to protect themselves from snoopers, especially broad government surveillance. It was kicked off by @Asher_Wolf in response to the broad, sweeping Australian Internet surveillance bill, and involves throwing parties where folks who know how to use disk encryption, email encryption, and similar projects teach their neighbors to use it too.

There's a crowdsourced book -- "The CryptoParty Handbook," 400+ pages written in less than 24 hours by activists all over the world -- and other instructional materials to help you get started.

What is CryptoParty? Interested parties with computers, devices, and the desire to learn to use the most basic crypto programs and the fundamental concepts of their operation! CryptoParties are free to attend, public, and are commercially non-aligned.

CryptoParty (via Techdirt)

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.


  • sgtdoom

    Great blog posting, and for another great book (and believe me, I don’t normally recommend Forbes’ staff writers):

    Andy Greenberg’s This Machine Kills Secrets -- truly stupendous!

  • J’Marinde Shephard

    If I remember my history correctly, the US EXCELS at code-breaking.

  • http://twitter.com/OctaveFilms Octavio

    But then there is this… https://twitter.com/ioerror/status/254763882449625088

    • FoolishOwl

      Jacob Appelbaum’s response is worrisome. As one of the key people behind the TOR Project, he’s an expert on the subject. I hope he goes into more detail on his criticisms.

      I had been thinking about whether I could help organize a key signing party or something of the sort for local people in Friends of Wikileaks. I’d been distressed to find that none of the people I’ve heard from through wlfriends.org have PGP/GPG keys registered, which is disappointing, given that the site emphasizes security and privacy in connecting people to begin with, and suggests posting a PGP public key in your profile. I’m no expert on security, but I’m trying to learn.

      So organizing a CryptoParty would have seemed like just the thing to do. Except that there’s that worrying note from Appelbaum.

      • http://drwho.virtadpt.net/ The Doctor

        Check the archives of the liberation tech mailing list (https://mailman.stanford.edu/pipermail/liberationtech/2012-October/005024.html); the whole discussion from many sides can be found there.  It’s worth reading the whole thread to see not only what comes out but how opinions evolved.

        • FoolishOwl

          Yes, that was informative. It sounds as if the text is imperfect, but nothing that can’t be significantly improved in a second draft.

          Also, it looks like there’s a scheduled CryptoParty coming up soon, and I expect that it will involve people who know what they’re talking about.

          • http://drwho.virtadpt.net/ The Doctor

             The handbook is also on Github now, and a number of us are working on our own edits to it.

        • Luther Blissett

          The threads are really interesting. Thanks for setting the pointer. Hope Jacob really forks it, or finds another way to contribute in his own way.

          • http://drwho.virtadpt.net/ The Doctor

             You’re welcome.

            It’s on Github now (https://github.com/cryptoparty/handbook), so almost forty of us have forked it and are working on edits.  I also hear that another handbook-writing sprint is coming up either this weekend or the one after, so expect changes to be made and forks to be pulled.

  • http://synerdata.net/ Gordon Stark

    You know, Cory, people always talk about crypto like it’s secure, which is deceptive to the young, and gives them a false sense of confidence.

    It is relatively secure, and decrypting is a matter of how badly someone wants to decrypt it.

    Encryption is a great way to keep things private from the average person, but to someone seeking secrets it is merely a sign of where some may be, and decrypting is usually just a matter of time and money and processor power, and far less than one might imagine, where not just a process of using a back door.

    I would like to see more discussion of how secure crypto is NOT, and how easy it is for anyone who is determined to crack even “strong” encryption algorithms.

    By leading the young to imagine that so-called “strong encryption” is hard for those with supercomputers and/or legislated back doors to crack, they are given a false sense of security which is counter-productive to their needs and intentions and comprehension of the limits of the relative security afforded by “strong encryption”.

    As a rule, I consider encryption to be a good way to protect data from other commonplace and “unauthorized” people, while bearing in mind that authorities have made themselves authorized people, and that cracking encryption, while comparable to rocket science, is still just science, and not hard for those with the resources to accomplish.

    • Cory Doctorow

       Sorry, this is just wrong. Assuming a modern cipher, a reasonable keylength, and a well-chosen key/passphrase, crypto is unbreakable in human (or geological) timescales, assuming no major breakthroughs in quantum computing or factoring the products of long primes.

      The weaknesses of crypto are:

      * Bad implementations

      * Bad keyphrases

      * “Rubber hose cryptanalysis” (beating people up for their keys)

      * Keyloggers/hidden cameras/rootkits

      But not brute-force attacks on ciphertexts. It’s trivial to use an off-the-shelf PC to encrypt data to the point where it would take all the compute power on the planet billions of years to decrypt it (again, assuming a good implementation and no unforeseen advances in quantum computing or prime-product factoring).

      • Luther Blissett

        Thanks for this clear and important comment, Cory.

        Could you get Jacob to elaborate on the above-quoted tweet? I’m even thinking about linking the handbook to colleagues, and trying to promote e-mail encryption.

        Just BTW: I came across a lot of weird things considering the acceptance of crypto in a private environment, but I was really surprised when I was informed by a close friend working for an aerospace institution that they are discouraged from using encryption. I mean, they are planning and launching satellites, developing stuff which gets patented and whatnot!

        • Thomas Shaddack

          It may be because of the balance between the benefits (added secrecy, which can be suboptimal if there’s a mistake in implementation or procedure), and costs (added work, added need to audit procedures so the work makes sense, possible trouble with data recovery – leaked data may be the less costly option than lost data).

          • Luther Blissett

            Hm, I somehow doubt it. I mean, they are responsible for constructing parts of the ISS and don’t even sign their mails. What could possibly go wrong if someone has a real interest in fucking things up, badly? SCADA is a joke compared to that.