https://aznot.com/index.php?action=history&feed=atom&title=OpenWest_2015%2FEnd-to-end_Encrypted_SolutionsOpenWest 2015/End-to-end Encrypted Solutions - Revision history2026-04-17T07:11:08ZRevision history for this page on the wikiMediaWiki 1.41.0https://aznot.com/index.php?title=OpenWest_2015/End-to-end_Encrypted_Solutions&diff=2169&oldid=prevKenneth at 22:51, 8 May 20152015-05-08T22:51:10Z<p></p>
<p><b>New page</b></p><div>End-to-end Encrypted Solutions<br />
<br />
by Aaron Toponce (@AaronToponce)<br />
<br />
"In the light of the Edward Snowden revelations, I will explain the current landscape of end-to-end encrypted solutions to protect your data from the NSA. I'll explain what the current threats are by the NSA and other well-funded organizations, what they likely can and cannot do, and how to mitigate them by using end-to-end encrypted software tools.<br />
<br />
Some of the tools covered will be OpenPGP, OTR, Bitmessage, d-note, and Tox. I'll also talk about the NSA back doored Dual_EC_DRBG algorithm standardized by NIST, and the RDRAND controversy with Intel and Linux kernel developers. I'll call into question some conspiracy theories about the NSA, which will involve Lavabit."<br />
<br />
---<br />
<br />
CIA Triad<br />
* Confidentiality<br />
* Integrity<br />
* Availability<br />
<br />
Information Security:<br />
* Products (Physical Security)<br />
* Procedures (Organizational Security)<br />
* People (Personal Security)<br />
<br />
Resources:<br />
* Communication<br />
* Hardware<br />
* Software<br />
<br />
Encryption - encoding information such that only authorized parties can read it. Provides only confidentiality.<br />
<br />
Authentication - keeping information tamper-resistant while also proving it originated from the sender. Provides only integrity.<br />
<br />
Matasano Challenges http://cryptopals.com<br />
<br />
Encrypt-then-MAC is the one true way<br />
<br />
MAC-then-Encrypt<br />
* plaintext hashed<br />
* mac appended to plaintext<br />
* plaintext and mac encrypted<br />
* no ciphertext integrity<br />
* plaintext integrity<br />
* used in OpenSSL<br />
<br />
Cryptographic Doom Principle:<br />
* Doom! when verifying the message is not the first execution<br />
* MAC-then-Encrypt vulnerable to the padding oracle attack<br />
* lucky thirteen and POODLE in OpenSSL<br />
* mac-and-encrypt plaintext recovery attack in openssh up to 5.1<br />
* mac-and-encrypt can reveal when messages repeat, if the mac doesn't include a sequence number<br />
<br />
Suggestion:<br />
* encrypt-then-mac<br />
* use aes-gcm<br />
* or chacha20-poly1305<br />
* or aes-hmac-sha-256/512<br />
* or aes-sha3 (not finalized by nist, yet)<br />
<br />
Off-the-Record Messaging (OTR)<br />
* end to end encryption<br />
* non-repudiation, off the record conversation, that is confidential<br />
* good for journalists or whistleblowers<br />
* Socialist Millionaire Protocol - a way to tell if the other person is who they are without actually identifying the other person<br />
** ask a quesiton that only the other person knows<br />
<br />
OTR - Cryptocat<br />
<br />
OepnPGP - protocol / RFC (not an implementation)<br />
* Unencumbered PGP<br />
* PGP compatible without patents<br />
* GNU Privacy Guard (GPG) - implementation</div>Kenneth