Applying Cold War Learnings to our Daily OPSEC
Hosted By
kim c.
Details
At this MeetUp, Chris Campbell - a big fan of cold war history and spy tactics - will dive deep into an application he developed to take care of a small but important task: sharing secrets.
A dead drop is a method of exchanging secrets between two agents, whereby the secret is stored in a safe, predetermined location for collection, thus meaning that the two agents never have to meet and are able to maintain operational security. Where there is concern that a drop may be compromised, an additional key to decrypt the secret may be transferred using a different channel. This method was incredibly popular and effective during the cold war, and served as the inspiration for Chris' application "DeadDrop (https://deaddrop.jadeworld.com/)". In fact, the inspiration for DeadDrop goes beyond the time of the cold war and into the present, realising that there is a decreasing level of trust in service providers - so also offers a "host proof" mode of operation and is open-sourced. Gone are the days of transferring secrets (e.g. credentials) in plaintext emails and texts.
This session will look into a few aspects of DeadDrop:
• A short history lesson: the inspiration for DeadDrop
• The importance of OPSEC in our daily lives
• The theory behind effective secret sharing
• Cryptography 101.
• .NET and JS cryptographic considerations
• Code breaking 101.Chris • Wed, 8:11 PM
DeadDrop Source Code: ( https://bitbucket.org/t0x0/deaddrop )
Chris's Blog Post: (https://bytefog.blogspot.co.nz/2015/09/burn-after-reading.html)
A dead drop is a method of exchanging secrets between two agents, whereby the secret is stored in a safe, predetermined location for collection, thus meaning that the two agents never have to meet and are able to maintain operational security. Where there is concern that a drop may be compromised, an additional key to decrypt the secret may be transferred using a different channel. This method was incredibly popular and effective during the cold war, and served as the inspiration for Chris' application "DeadDrop (https://deaddrop.jadeworld.com/)". In fact, the inspiration for DeadDrop goes beyond the time of the cold war and into the present, realising that there is a decreasing level of trust in service providers - so also offers a "host proof" mode of operation and is open-sourced. Gone are the days of transferring secrets (e.g. credentials) in plaintext emails and texts.
This session will look into a few aspects of DeadDrop:
• A short history lesson: the inspiration for DeadDrop
• The importance of OPSEC in our daily lives
• The theory behind effective secret sharing
• Cryptography 101.
• .NET and JS cryptographic considerations
• Code breaking 101.Chris • Wed, 8:11 PM
DeadDrop Source Code: ( https://bitbucket.org/t0x0/deaddrop )
Chris's Blog Post: (https://bytefog.blogspot.co.nz/2015/09/burn-after-reading.html)
OWASP New Zealand Chapter - Christchurch
Christchurch Office, Catalyst IT Limited
Level 1, 284 Kilmore St · Christchurch
Applying Cold War Learnings to our Daily OPSEC