Past Meetup

Cryptoparty - Hands on tutorial on secure communication, and key signing.

This Meetup is past

11 people went

Location image of event venue



I've been invited to use the office of the company I work at, in SoMa in San Francisco. No food service of course, but we can independently order from Grub Hub or something. Plenty of space, power outlets, Internet. We'll be in the kitchen area, and there are a couple couches.

I'm not sure about the technical address at this door, but Lucerne St is very small. If you come down from Brannan, you'll see our name and logo clearly printed on a clear door to the right. It's a 15 minute walk from the 4th and King Caltrain station, maybe 20 min from Bart. I hear parking is reasonable on Brannan on Sunday afternoon. If you need help finding the place, I'm at 952-836-7070.

Some things for the event day, coming up soon:

* In case it doesn't go without saying, bring your laptop if you want to participate. I encourage you to do so. However if you just want to come by to learn or hang out, that's fine.

* If you have a power strip on hand, could you bring it? The current place probably has enough outlets, but it wouldn't hurt just in case.

Update: Could you do me a favor?

As part of this event I would like to run an experiment. If this event works out, I would like to use this as an example to petition to run a similar (but much bigger) event this summer at Porcfest in New Hampshire. The thing about Porcfest, though, is that there's almost no Internet connection. Even when I did this in Oakland, we were bogged down by slow download speeds. I think I have some ideas to speed it up. But as part of it, I need as many people as I can get to gather some information for me ahead of time. Please take a look at this link:

It has further explanations, and I would guess the whole thing should take 5, maybe 10 minutes, max. I tried to make it as straightforward as I could.

If this doesn't work out, don't worry, we have a good Internet connection where we're going, so we can fall back on that.


General Description:

I (Dan Krol) recently went to a cryptoparty at the Sudoroom in Oakland. I think this crypto stuff is altogether cool, but also of particular interest to people of our stripe. I don't know a ton, but I think I know enough to get people set up with PGP (GPG specifically) so you can:

* Encrypt emails: Only your recipient(s) can read it.
* Sign emails: Any recipients can verify that you are the actual source of the email.

These are both well and good, if you can trust that you have the actual key of the person you are communicating with. Apart from impostors, there's also the risk of a man-in-the-middle attack. So I would also cover:

* Signing keys: Verify *in person* that the key you hold actually belongs to the person you think it does, and create a verifiable record of it.
* Web of trust: We all upload our signatures of each other's keys to a public key server for anybody to access. If one day I sign Teresa's key in person, and on a later day Teresa signs Davi's key in person, I can pull down Teresa's signature of Davi's key from the key server, and, because I verified the key Teresa used to sign it, use that as evidence (assuming I trust Teresa) that I now also have Davi's real key as well without ever signing his key in person.

Perhaps we can cover Off The Record messaging as well, which is a similar concept, and useful for chat, and apparently even more secure.

If anybody else in attendance knows more than me, I'd be happy to yield the floor for a more informed explanation, though I'd like to stick to the above agenda.

Before I take the time to set this up, I'd like to gauge interest. Who would be up for this? Preferably you run Linux, but we can set this up for Mac and Windows as well. I just can't particularly vouch for the security of proprietary OSes, given what's been revealed in recent news about NSA partnerships.