Difference between revisions of "Cryptoparty/2014/March"

From Sudo Room
Jump to navigation Jump to search
 
(2 intermediate revisions by 2 users not shown)
Line 24: Line 24:
*OTR generates ephemeral keys for each session
*OTR generates ephemeral keys for each session
*Tails auto wipe + shutdown when key is pulled
*Tails auto wipe + shutdown when key is pulled
*VPN to friendly jurisdiction --> VPN to Riseup --> Tor out of there
**Can one go through Tor to the VPN?
***Too slow
*OpenShift gives out free SSH tunnels on demand
*Keysigning party
**[http://cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html HOWTO]
**[http://herrons.com/keysigning-party-guide/ Keysigning Party Guide]
**[https://en.wikipedia.org/wiki/Zimmermann%E2%80%93Sassaman_key-signing_protocol Zimmerman-Sassaman Keysigning Protocol]


=Gratuitous Link Dump=
=Gratuitous Link Dump=
*https://fixubuntu.com -  
*https://fixubuntu.com -  
*http://g10code.com/ - Purchase magcards and USB sticks for hosting your public key
*http://kernelconcepts.de/ - Purchase magcards and USB sticks for hosting your public key
**[http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=42 OpenPGP Smartcard V2]
***Generates and hosts up to 4096-bit PGP keys
***Can store up to three (3) PGP keypairs
***Can store login credentials in a separate datastore
***User PIN must be entered correctly to encrypt or sign
****Three failed attempts locks the card
***Admin PIN must be entered correctly to unlock or edit card.
****Three failed attempts fries the card
***Standard smartcard formfactor
***Contacts and chip can be punched out to form what is basically a [http://shop.kernelconcepts.de/images/opgpv2.jpg SIM card]
**[http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=119 Gemalto Shell Token v2]
***USB key form factor
***Unlock, slide SIM card-punchout from smartcard in, relock
***Works just like a smartcard plugged into [http://shop.kernelconcepts.de/product_info.php?cPath=1_26&products_id=124 a USB smartcard reader]
**Works with GnuPG (gpg-agent), requires pcsclite, pcsc-tools, libusb, libusb-compat to operate.

Latest revision as of 11:43, 24 April 2014

This month's cryptoparty will take place on 16 March 2014.

Agenda

  • Encrypting hard drive (Mac)
  • GPG Keysigning party + protocol
  • Step-by-step resources
  • OTR sessions keys
  • Encrypted email on phone
    • K9 for Android (sucks), and putting PGP keys on phone is not a good idea - though if you're not being targetted
    • Phones are just broken. Generally.
  • Mobile security (Redphone, TextSecure)

Workshops

  • Hard drive encryption
  • Email encryption

Notes

  • Outreach to other communities
    • Hold a cryptoparty at a mosque?
    • Infoshops
  • Upgrade Mac OS due to broken SSL certs
    • Do not store private key in iCloud!
  • Try out ChatSecure for XMPP
  • OTR generates ephemeral keys for each session
  • Tails auto wipe + shutdown when key is pulled
  • VPN to friendly jurisdiction --> VPN to Riseup --> Tor out of there
    • Can one go through Tor to the VPN?
      • Too slow
  • OpenShift gives out free SSH tunnels on demand
  • Keysigning party

Gratuitous Link Dump

  • https://fixubuntu.com -
  • http://kernelconcepts.de/ - Purchase magcards and USB sticks for hosting your public key
    • OpenPGP Smartcard V2
      • Generates and hosts up to 4096-bit PGP keys
      • Can store up to three (3) PGP keypairs
      • Can store login credentials in a separate datastore
      • User PIN must be entered correctly to encrypt or sign
        • Three failed attempts locks the card
      • Admin PIN must be entered correctly to unlock or edit card.
        • Three failed attempts fries the card
      • Standard smartcard formfactor
      • Contacts and chip can be punched out to form what is basically a SIM card
    • Gemalto Shell Token v2
      • USB key form factor
      • Unlock, slide SIM card-punchout from smartcard in, relock
      • Works just like a smartcard plugged into a USB smartcard reader
    • Works with GnuPG (gpg-agent), requires pcsclite, pcsc-tools, libusb, libusb-compat to operate.