Melbourne’s #CryptoParty

Tentative date for Melbourne’s #CryptoParty – 2012 October 6th.

NEW laws will allow authorities to collect and monitor Australians’ internet records, including their web-browsing history, social media activity and emails. — [The Age]

“Throw a party, help ppl to install and use Tor, VPN’s, TrueCrypt, OTR, GPG… #CryptoParty”

Which brings me to keysigning parties. These are exactly what they sound like: a party where everyone gets together and signs everyone else’s keys. Darryl and I, when we traded keys, that was kind of a mini-keysigning party, one with only two sad and geeky attendees. But with more people, you create the seed of the web of trust, and the web can expand from there. As everyone on your keyring goes out into the world and meets more people, they can add more and more names to the ring. You don’t have to meet the new people, just trust that the signed key you get from the people in your web is valid.
So that’s why web of trust and parties go together like peanut butter and chocolate.
“Just tell them it’s a super-private party, invitational only,” I said. “Tell them not to bring anyone along or they won’t be admitted.”
Jolu looked at me over his coffee. “You’re joking, right? You tell people that, and they’ll bring extra friends.” …

Cory Doctorow – Little Brother

“Now, I’m not here to ask you to do anything active. You don’t have to go out jamming or anything. You’ve been brought here because we know you’re cool, we know you’re trustworthy. It’s that trustworthiness I want to get you to contribute tonight. Some of you will already be familiar with the web of trust and keysigning parties, but for the rest of you, I’ll run it down quickly –” Which I did.
“Now what I want from you tonight is to meet the people here and figure out how much you can trust them. We’re going to help you generate key-pairs and share them with each other.”
This part was tricky. Asking people to bring their own laptops wouldn’t have worked out, but we still needed to do something hella complicated that wouldn’t exactly work with paper and pencil.
I held up a laptop Jolu and I had rebuilt the night before, from the ground up. “I trust this machine. Every component in it was laid by our own hands. It’s running a fresh out-of-the-box version of ParanoidLinux, booted off of the DVD. If there’s a trustworthy computer left anywhere in the world, this might well be it.
“I’ve got a key-generator loaded here. You come up here and give it some random input — mash the keys, wiggle the mouse — and it will use that as the seed to create a random public- and private key for you, which it will display on the screen. You can take a picture of the private key with your phone, and hit any key to make it go away forever — it’s not stored on the disk at all. Then it will show you your public key. At that point, you call over all the people here you trust and who trust you, and they take a picture of the screen with you standing next to it, so they know whose key it is.
“When you get home, you have to convert the photos to keys. This is going to be a lot of work, I’m afraid, but you’ll only have to do it once. You have to be super-careful about typing these in — one mistake and you’re screwed. Luckily, we’ve got a way to tell if you’ve got it right: beneath the key will be a much shorter number, called the ‘fingerprint’. Once you’ve typed in the key, you can generate a fingerprint from it and compare it to the fingerprint, and if they match, you’ve got it right.”
They all boggled at me. OK, so I’d asked them to do something pretty weird, it’s true, but still.

Cory Doctorow – Little Brother

[1] New law to control cyber data (2012-Aug-23) [The Age]
[2] Cybercrime amendment a shadow of “#Ozlog” (2012-Aug-23) [Richard Chirgwin’s Blog]
[3] And softly went our privacy into the night (2012-Aug-23) [Crikey]

This entry was posted in politics, security, Tech and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.