Home > Documents > Crypto Party ATX

Crypto Party ATX

Date post: 23-Feb-2016
Author: lucien
View: 61 times
Download: 2 times
Share this document with a friend
Crypto Party ATX. Shameless self-promotion. Visit us at https://CryptoPartyATX.org Step-by-step guides on how to encrypt your emails, text messages, files and folders Guides to maintaining your privacy by choosing stronger passwords and securely deleting data Info on upcoming parties - PowerPoint PPT Presentation
Embed Size (px)
Popular Tags:
of 27 /27
Crypto Party ATX Shameless self-promotion Visit us at https://CryptoPartyATX.org Step-by-step guides on how to encrypt your emails, text messages, files and folders Guides to maintaining your privacy by choosing stronger passwords and securely deleting data Info on upcoming parties Need help? Email [email protected] Please contribute! Let us know if you have any questions; chances are someone else has those questions, too. If we know where it’s unclear, we can make those parts better. Can you do it better? Let us know how, or do it yourself and send it to us!

Crypto Party

Crypto Party ATXShameless self-promotionVisit us at https://CryptoPartyATX.org

Step-by-step guides on how to encrypt your emails, text messages, files and foldersGuides to maintaining your privacy by choosing stronger passwords and securely deleting dataInfo on upcoming partiesNeed help? Email [email protected] contribute! Let us know if you have any questions; chances are someone else has those questions, too. If we know where its unclear, we can make those parts better.Can you do it better? Let us know how, or do it yourself and send it to us!

Tonights Topic: Email EncryptionBasics of Encryption in GeneralDefinition and ExamplesKeys and Key PairsWhat Email Encryption does and does not doHow to set up Email EncryptionQuestions?EncryptionAn IntroductionWhat is Encryption?Encryption is a means of putting text (or any computer data) into a secret code, so only the intended person can read it.A cipher or algorithm is the set of rules or instructions that shows how to write a message using the secret code.Historical examples: Caesars Cipher, Enigma Machine, PGPCommonly substitution and/or transpositionSubstitution: switching particular characters for othersTransposition: moving characters around using set rulesKeys essentially just long passwords, but they also help determine how text is substituted and transformedSubstitution ExamplesSubstitution is the process of switching letters with other letters in a specific way, so the letters can be un-switched later if the reader knows how they were switched, or if the reader can figure out how they were switched.Reverse-AlphabetABCDEFGHIJKLMNOPQRSTUVWXYZZYXWVUTSRQPONMLKJIHGFEDCBAThe message HOWDY is written SLDWBCaesars Cipher Shift letters 3 spacesABCDEFGHIJKLMNOPQRSTUVWXYZDEFGHIJKLMNOPQRSTUVWXYZABCThe message HOWDY is written KRZGBTransposition ExamplesTransposition is the process of changing the text in a specific way, so that it can be un-changed later if the reader knows how it was changed, or if someone can figure out how it changed.Reverse charactersMEET US AT THE NEXT CRYPTO PARTYYTRAP OTPYRC TXEN EHT TA SU TEEMAlternate charactersMEET_US AT_THE_NEXT CRYPTO_PARTYME_SA_H_ETCYT_ATETU TTENX RPOPRY

A step furtherkeysThink about Caesars cipher. If he always used the same +3 transposition, then anyone who figured it out or learned it would be able to read all of his coded messages. We need some way to change the code when we need to, and fortunately we have one. This is by adding a key or password to the mix.In a simple way, Caesars cipher could be improved by changing how much is added to each letter. Instead of using the same key of 3 every time, we could use the key 4 for one person, and the key 5 for another.Were still following the same method of adding to the letter positions (i.e., the same cipher), but now we can do it differently for different people.MessageMessage+3+3PhvvdjhSame message to two parties coded the same wayMessageMessage+4+5QiwwekiSame message to two parties w/ different passwordsRjxxfljKeys Keys, along with a cipher, are used to encrypt messages (plain text) and/or decrypt coded text (cipher text). A key could be as simple as a digit or password, or as complicated as a PGP key.Keys make it more difficult to decrypt the coded message by changing the rules for how things are encoded or decoded.Example: Enigma MachineSometimes there are two keys one to lock and another to unlock:Private Keys (or Secret Keys) such as passwords are used to decode messages. Never share a Private Key with anyone you dont want to read your coded messages.Public Keys are used to encode messages. There is generally no harm in giving out a Public Key.Single Keys (Symmetric Encryption) Some types of encryption use a single key such as a password. For example, if you encrypt a message with the password dog, you would use the password dog to decrypt it as well. To send a coded message, you will have to tell someone the key and hope that no one else finds out.If a cipher uses the same key to put something into code as it does to take it back out, then the cipher is said to be symmetric.

MessagePasswordSecret CodeMessagePasswordSecret CodeSymmetric EncryptionThe same password works in both directionsKey Pairs (Asymmetric Encryption) Some ciphers use a different key to encrypt a message than to decrypt it. For example, you might encrypt a message with the password dog, but to read the message you would need the password cat.If a cipher uses one key to put something into code and a different key to take it back out, then the cipher is said to be asymmetric. In practice, both keys are created at the same time, and form a key pair. The keys in a key pair only work with each other, so any message encrypted with a one key of the pair can only be decrypted by the other key of the same key pair.MessageKey 1Secret CodeMessageKey 2Secret CodeAsymmetric EncryptionOne key is used to encrypt the message, but a completely different key is used to decrypt the message.- Key PairThe Advantage of Key PairsAdvantage: Anyone can encrypt a message for you, but only you can decrypt it.If you have a pair of keys that each work in only one direction, then you only need to keep one key secret. The one you keep secret is called the Private Key. The Private Key is used only to decrypt messages*, and it is the only key that can decrypt those messages.The Public Key is used only to encrypt messages. This means you can give it out to anyone, since the only thing someone could do with it is encrypt a message. Because the key is part of a pair, if someone encrypts a message using your Public Key, then only you can decrypt the message because only you have the Private Key.MessagePublic KeySecret CodeMessagePrivate KeySecret CodeA Public Key is used to encrypt a message.

A Private Key is used to decrypt a message.- Key Pair* And for signing messages, but were just giving an intro here11SummarySymmetric Encryption(with Single Keys)Same key is used to put a message in code and to take it back out of code.Somehow the key must be shared with the recipient without sharing it with snoops.Asymmetric Encryption(Key Pairs)Different keys are used to put a message in or to take a message out of code.The Public Key can be shared with anyone, so anyone can send you a message.The Private Key is never shared, so only you can read the messages.Key Pairs for Email EncryptionIf I have explained this well, you can hopefully already see why we use Key Pairs for encrypting email messages. Heres a quick summary:You do not always have a secure way to contact someone. If you only contact someone through email, how could you tell them a password? If you emailed a symmetric password, you might as well not have one, since anyone monitoring the email could see the password and use it just as easily as the intended recipient could.You want to be the only person who can decrypt the message. If you tell anyone a password, there is some chance of them sharing it with someone else. Having one password to encrypt a message and a different password to decrypt it means that you never have to share the password that unlocks the messages, but you can tell anyone the password to lock a message. Theres no harm in more people finding out how to send a message that only you can read.

Purpose of Email EncryptionWhat it does, and what it does notHow Private is Email?Would you want to use postcards for nearly every message you send? (You do.)When you send a postcard, anyone who handles it along the way could look down and read the message. Sometimes it doesnt matter, but I would not want to send every letter this way. Sometimes I want only the recipient to be able to read the message.

When you send an email, its just about as private as a postcard. Instead of being handed from person to person and sent by truck, however, emails are passed from server to server until they end up at the destination. But like it is with postcards, any server involved in transmitting the message could also read or store the whole message.

With email, the following parties could possibly read the message as it goes by:Anyone on the same open or wired network, unless using SSLYour Internet Service Provider (ISP) (e.g., TWC, ATT, Grande, etc.), unless using SSLYour email provider (e.g., Gmail, Yahoo, Hotmail, etc.)Your contacts email providerYour contacts Internet Service Provider (ISP)Your contactANDanyone with access to the data of any person or company aboveMaking Postcards More PrivateNormal Email Message:Message and Metadata visible

Encrypted Email Message:Only metadata visible

What Email Encryption DoesEmail Encryption will allow you to put the content of a message into code.When you encrypt the message using your contacts Public Key, only your contact will be able to decrypt it; they are the only one with the Private Key of the same pair.If a contact sends you a message encrypted with your Public Key, only you have the right Private key to decrypt it.What Email Encryption DoesntEmail Encryption will not hide the fact that you sent a messageIt will not hide your email address or your contacts email address.It will not hide the date or time the message was sent.It will not hide the Subject line of your message.Any snoops will be able to see whom the message was sent from and to, when it was sent, the subject line, and possibly the IP from which the message was sent. But they will not be able to read the message.Setting Up Email EncryptionPutting theory into practiceEmail Encryption in GeneralHeres how we go about using Key Pairs in Email Encryption:Install an Email Program that supports PGP encryptionInstall a Key Manager program to keep track of our own Key Pairs and our contacts Public Keys.Create a Key Pair.Install an Add-On to the Email Program to let it work with our Key ManagerUse a contacts Public Key to send them a message. Use our own Private Key to read a message from our contact.

Email Program - Thunderbirdhttps://www.mozilla.org/en-US/thunderbird/

Thunderbird is an open source email program from Mozilla, the makers of Firefox. It is available for Windows, OS X, and Linux. Download and install Thunderbird, then follow the on-screen steps to add your current email account.

GPG / Key Manager Programhttp://www.gpg4win.org/GNU Privacy Assistant (Windows)GPA is a key manager included in the the GPG4Win package. GPG4Win is an open-source package implementing many of the features of GPG on Windows systems.https://gpgtools.org/GPG Keychain Access (OS X)GPG Keychain Access is the key manager included in the GPGTools GPGSuite package. GPGSuite is an open-source package implementing many of the features of GPG on OS X systems.

Creating a Key PairFirst, download and install the key manager program for your operating system. WINDOWS USERS: Please be sure to select the checkbox next to GPA when installing gpg4winNext, find and click New Key or something similar.Fill out the requested information and set a password.You now have a key a pair a private key to decrypt messages and a public key so people can send you messagesThunderbird Add-on: Engimailhttps://www.enigmail.net/Enigmail is a Thunderbird Add-on that works with your key manager program. Go to the Add-ons section in Thunderbird and search for Enigmail. Install the Add-on and restart Thunderbird.Check the OpenPGP Security settings in the Account Settings menu to make sure it uses the correct Private Key and encrypts your messages by default (if desired).

Sending an Encrypted MessageFirst you will need someone elses public key. If you dont know anyone with a public key, you can download mine from our website (or from a keyserver):https://cryptopartyatx.org/content/FE0E7924.ascSave your contacts public key to a file, and click Import to import it to your Key Manager program (GPA or GPG Keychain Access)Press the Write button in Thunderbird and compose an email. (If youre using my Public Key, send the email to [email protected])Click the lock icon in the bottom right to activate it. When you send the message, it will be automatically be encrypted with the Public Key of the recipient (as long as you imported that key into your key manager program already).Receiving an Encrypted MessageIf someone uses your Public Key to encrypt a message, then you will use your Private Key to decrypt it.The process is nearly automatic. When you get an encrypted email, as soon as you try to read it you will be asked for a password. Type the password you used when you made your key pair.Questions?