From d818cf7f8f5ec0107b03c99ad5ce510d57893c87 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Wed, 29 Apr 2020 13:29:40 +0300 Subject: Change: pgptalk2 --- .gitignore | 2 + pgptalk2.md | 167 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 169 insertions(+) create mode 100644 .gitignore create mode 100644 pgptalk2.md diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..f4df0be --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +*.pdf +*.html diff --git a/pgptalk2.md b/pgptalk2.md new file mode 100644 index 0000000..a1bd5f9 --- /dev/null +++ b/pgptalk2.md 
@@ -0,0 +1,167 @@ +# Goals of this talk + +* Why is cryptography important? +* How does cryptography work, conceptually? +* How do I use cryptography, specifically? +* What should I do next? + +![cat](Anca.jpg) + +--- + +* Why would anyone attack **you**? + * you, your data, or your computing resources might be valuable + * you might be a stepping stone to another target, such as + your employer + * you might be an easy target + +![cat](Bancho.jpg) + +--- + +* An attacker may want to... + + * **impersonate** you to someone else, or someone else to you + * **falsify** a file you need or provide, such as a software + download + * **eavesdrop** your communications to steal sensitive information + +![cat](Sphynx.jpg) + +--- + +* An attacker may be... + + * a government: US, UK, Russia, China, etc + * law enforcement or espionage, in any country + * a large private organisation + * a criminal organisation + * a minor criminal + * someone with too much time and a twisted sense of humour + * someone you know who doesn't like you + * in all cases, the attack may be illegal, but might not be + +![cat](Lizard.jpg) + +--- + +# Defences + +* cryptography, especially widespread use (HTTPS is almost everywhere!) 
+ +* tools, training, infosec, opsec, good habits + +* compare with driving: errands vs F1 + +* a sufficiently motivated or well-funded attacker will eventually win + +![cat](Chat.jpg) + +--- + +# Everyday uses of cryptography + +* email: sign as much as possible, encrypt at least sensitive + +* git: signed tags for releases, maybe sign (some) commits + +* software releases: sign downloadable files (.tar.gz, etc) + +* amaze people at parties, be an international celebrity + +![cat](Down.jpg) + +--- + +# Cryptography concepts + +* Symmetric: one key + +* Asymmetric: two linked keys + +![cat](June.jpg) + +--- + +# History + +* 1977: first public invention of public key cryptography + +* 1991: PGP or Pretty Good Privacy, first popular, freely usable + implementation of public key cryptography + +* 1990s: US crypto export restrictions; massive innovation boom + +* 1995: SSH, SSL + +* late 90s: crypto wars + +* 2000s, 2010s: crypto gets widely used and entrenched + +* 2020s: second crypto wars + +--- + +# Crypto tooling + +* SSH, HTTPS are used everywhere + + * use for connections, transfers: "data in transit" + +* PGP went proprietary, GnuPG (gpg) is a free replacement + + * use for messages, files, signatures: "data at rest" + * OpenPGP standard, GnuPG most popular implementation + * versions exist for all popular computer operating systems + +![cat](Box.jpg) + +--- + +# Demos + +* generating a key +* signing or certifying a key +* sharing keys and signatures +* encrypting and signing a message +* decrypting a message and checking its signature + +--- + +# Now what? + +* Make a key, start using it, get it signed by co-workers + + * Ask for help or hands-on training if you need it + +--- + +# Legalese + +Copyright 2020 Wikimedia Foundation + +This content is licensed under the Creative Commons +Attribution-ShareAlike 4.0 International ([CC BY-SA 4.0][]) licence. 
+ +[CC BY-SA 4.0]: https://creativecommons.org/licenses/by-sa/4.0/ + +Pictures from Wikimedia Commons: + + + +* [June_odd-eyed-cat_cropped.jpg](https://commons.wikimedia.org/wiki/File:June_odd-eyed-cat_cropped.jpg) +* [Cat_into_the_box.jpg](https://commons.wikimedia.org/wiki/File:Cat_into_the_box.jpg) +* [Banho_de_Sol_(2422073851).jpg](https://commons.wikimedia.org/wiki/File:Banho_de_Sol_(2422073851).jpg) +* [Anca_the_Weasel_(26984433186).jpg](https://commons.wikimedia.org/wiki/File:Anca_the_Weasel_(26984433186).jpg) +* [Cats_lying_down;_March_2016_(01).jpg](https://commons.wikimedia.org/wiki/File:Cats_lying_down;_March_2016_(01).jpg) +* [Chat_import_1.jpg](https://commons.wikimedia.org/wiki/File:Chat_import_1.jpg) +* [Cat_playing_with_a_lizard.jpg](https://commons.wikimedia.org/wiki/File:Cat_playing_with_a_lizard.jpg) +* [1_adult_cat_Sphynx._img_047.jpg](https://commons.wikimedia.org/wiki/File:1_adult_cat_Sphynx._img_047.jpg) + + +--- +title: "Basics of cryptography" +subtitle: "OpenPGP and GnuPG" +author: "Lars Wirzenius / Wikimedia Foundation" +date: "Version 2.0 for 2020-04-29" +... -- cgit v1.2.1
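Review bot: In pgptalk2.md the slides embed eight local images (`Anca.jpg`, `Bancho.jpg`, `Sphynx.jpg`, `Lizard.jpg`, `Chat.jpg`, `Down.jpg`, `June.jpg`, `Box.jpg`), but the diffstat lists only `.gitignore` and `pgptalk2.md`, so none of them is added by this commit, and the "Pictures from Wikimedia Commons" list does not say which local file comes from which Commons page. Either commit the images alongside the slides or document how to fetch them, and extend each list entry with the local filename it corresponds to, so the attribution under the CC BY-SA notice can be checked. `Bancho.jpg` also looks like a misspelling next to the listed source `Banho_de_Sol_(2422073851).jpg`. Two content points on the same hunk: the History slide dates the "first public invention of public key cryptography" to 1977, which matches RSA, while Diffie and Hellman published in 1976, so name the event the date refers to. The email bullet "encrypt at least sensitive" ends without a noun; "sensitive messages" would complete it.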