Hello! Welcome to this introductory workshop on encryption, hosted by me, Elana Hashman. Thanks to Amit Levy for curriculum review and Adrian Feldman for mentoring.
Here are all the resources you'll need for this workshop.
Exercises
- We'll visit an encrypted website, but it doesn't ensure security! Click here.
- Can you access the secret information here? (Hint: have you ever looked at the list of most common passwords?)
Software to Install
HTTPS Everywhere (for Chrome and Linux browsers):
- The HTTPS Everywhere addon website.
- If you use mobile Firefox, you can install this on your phone, too!
- Note: this addon can break authentication portals for open wifi access points. If, in the future, you can't seem to reach the login page for an access point, you can try to access it through gstatic.com or temporarily disable HTTPS Everywhere to access it.
Full-Disk Encryption (for phones and laptops):
- For Windows users: Enable BitLocker tutorial.
- For OSX users: Enable FileVault tutorial.
- For Linux users: Flag down a mentor, we'll try to help.
- For iOS phones: As long as you have a passcode set, your phone is encrypted.
- For Android phones: “Settings > Security > Encryption: Encrypt Phone”
Signal Secure Messenger (for your iOS and Android mobile phones):
- The Signal app website.
Terms
- Encryption: a means of encoding messages to prevent unauthorized parties from accessing them.
- Unencrypted: a message sent without using encryption. Sometimes called “transmitting in the clear” or “plaintext”.
- End-to-end encryption: A type of encryption that ensures only the intended recipients can read a message, even if it needs to pass through an intermediary party (such as an email server). The intermediary cannot access the contents of the message.
- (Cryptographic) Signing: a special use case of encryption that allows a user to prove they are the sender of a message.
- Network: a communications system that consists of a group of connected computers that can communicate with one another.
- Traffic: messages sent over a computer network. So-named because networks have limited capacity (bandwidth) for traffic, and hence high levels of traffic can cause network congestion.
- Protocol: a system of rules for entities in a communications system to transmit information. Entities could be computers, wireless access points, etc.
- HTTP: “Hypertext Transfer Protocol”, the protocol for sending web pages across the internet.
- HTTPS: “HTTP over SSL/TLS”, or secure HTTP. HTTP requests are unencrypted. HTTPS is encrypted.
- SSL/TLS: “Secure Sockets Layer”/“Transport Layer Security”, a suite of protocols for encrypting internet traffic. SSL has been replaced by TLS, but TLS is still commonly referred to as SSL for legacy reasons.
- VPNs: “Virtual Private Networks”, a technology that allows you to connect to a network you are not physically connected to, usually with traffic encryption enabled.
- Full-disk encryption: refers to encrypting your computer’s entire hard disk. When you boot your computer, a key is used to decrypt the contents.
- PGP: “Pretty Good Privacy”, a file and text encryption protocol.
- (XMPP+)OTR: “Off-the-Record”, a protocol for encrypting chat messages. It is commonly used with the XMPP chat protocol.
- Software Applications:
  - HTTPS Everywhere: a Firefox and Chrome extension that transparently redirects unencrypted HTTP traffic to HTTPS traffic where supported, ensuring that your internet traffic is always encrypted when it can be.
  - Signal: a messaging application for iPhone and Android that encrypts your communications end-to-end. Requires use of your real phone number.
  - Tor: “The Onion Router”, a protocol and application suite that uses encryption and special traffic routing protocols to provide anonymity.
  - GPG: “GNU Privacy Guard”, a widely used free implementation of the PGP protocol.
  - Enigmail: A plugin for Thunderbird that helps users encrypt and sign email messages using GPG.