Revision of Introduction to everyday encryption from Thu, 07/31/2008 - 17:14

Notes On Every Day Encryption

  • Why is encryption important
    • Encryption is important because any data that you send is going through several computers
    • Flow of data:

 Your computer ---> router ---> 5-10 intermediate servers ---> other user's router ---> other user's computer
    • So there are many points at which someone might intercept your conversation
    • Who might read your messages?
      • advertisers (Google)
      • governments (AT&T, NSA)
      • other weirdos (Private Investigators, Police, Stalkers?)
    • The other reason that encryption is important is that the more encrypted data there is in the flow of traffic, the harder it will be to separate the wheat from the chaff.
    • If all your data is encrypted, it will be harder for someone to find the one piece of data that they are looking for.
    • Also, the more encrypted data there is in the world, the more trouble governments will have finding interesting information amongst the non-interesting information.
    • The more encryption is used the stronger it becomes
  • What Is Encryption
    • According to Wikipedia:

“In cryptography, encryption is the process of transforming information (referred to as plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).”

  • Public Key Encryption:
    • Public key encryption is the process whereby plain text is encrypted using a pair of keys: a public key and a private key.
      • Each person involved in public key encryption has both a public key and a private key. You distribute your public key to everyone you want to be able to send you encrypted information, and you use your private key to decrypt it.
      • So if Bob is sending some information to Alice, Bob encrypts the information with Alice's public key. Alice can then decrypt the information with her private key, which only she has.
      • Your public key can (and has to) be given to anyone you wish to communicate with.

Your private key can also be used to digitally 'sign' messages which creates a unique signature on the message. A recipient can use your public key to verify that the signature is in fact yours.

  • This is the type of encryption we will be talking about.
  • Encryption Programs:
    • Instant messaging
    • The downfall of instant messaging is that it is all done in plain text. That means that every time Alice sends Bob a message, it passes through both their computers and all computers in between in plain text, making it very easy for someone to overhear the message.
    • OTR Messaging
      • OTR Messaging (which stands for Off The Record Messaging) is a piece of software that lets you encrypt your conversations on various instant messaging services using Public Key Encryption.
      • You can download OTR as either a plugin for your instant messenger client or as a stand-alone server

 OTR can be downloaded from http://cypherpunks.ca/otr
    • Supported IM Clients for plugin:
      • Pidgin/Gaim (Windows/Linux)
      • Trillian (Windows)
      • Adium X (OS X)
      • Kopete
    • OTR Proxy server will work with any client
    • Supported Messaging Protocols
      • AIM
      • Yahoo
      • MSN
      • ICQ
      • Gtalk ?

How to install and configure pidgin and OTR

  • Download pidgin from http://pidgin.im/
  • Download OTR plugin for pidgin from http://cypherpunks.ca/otr
  • Install both.
  • Start pidgin
  • In the buddy list click Tools->Plugins
  • Scroll down to Off The Record Messaging
  • Click the box to enable it and then select it
  • Click the button that says, 'configure plugin'
  • Select the account that you want and click 'Generate Key'
  • This will generate your public and private keys. When it is done, you are ready to go!
  • If you want to test this later you can reach me with the following :
    • AIM: xlintcorex
    • Yahoo: flatline_hackbloc
    • MSN: flatline_hackbloc
  • Fingerprint Verification in OTR
    • A fingerprint is a unique number that is generated from your key. It can be used to verify that the person who gave you the key is really who they say they are.
    • Fingerprint verification is important because if you are sending encrypted messages you want to be absolutely sure that the recipient is who they say they are.
  • How to verify:
    • Find your fingerprint. In Pidgin this can be found in Tools->Plugins->Off The Record Messaging->Configure Plugin
    • Now call or visit in person the party whose key you are verifying. If you are not sure of the person's identity, ask for some ID!
    • Now they will read their fingerprint to you. If it is the same as the fingerprint you have on file for them, then you have successfully verified their public key.
    • Now you will read your fingerprint to them, and they will confirm it in the same manner.
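
The comparison step of the procedure above, as an added example that is not part of the original notes. OTR fingerprints are SHA-1 hashes of the public key, shown as five groups of eight hex digits; the key bytes below are constructed placeholders rather than real serialized keys, and the function names are assumptions.

```python
import hashlib
import hmac

# Constructed placeholder bytes, not real serialized OTR (DSA) public keys.
ALICE_KEY = b"constructed demo public key: alice"
SUBSTITUTED_KEY = b"constructed demo public key: someone else"


def fingerprint(public_key_bytes: bytes) -> str:
    """SHA-1 of the key bytes, shown as 5 groups of 8 uppercase hex digits."""
    digest = hashlib.sha1(public_key_bytes).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, 40, 8))


def normalise(text: str) -> str:
    """Drop separators and case so a fingerprint read aloud compares cleanly."""
    cleaned = "".join(ch for ch in text if ch not in " :-\t\n").upper()
    if len(cleaned) != 40 or any(ch not in "0123456789ABCDEF" for ch in cleaned):
        raise ValueError("expected 40 hex digits")
    return cleaned


def check_reading(on_file: str, read_aloud: str) -> str:
    """Compare the fingerprint on file with the one read over the phone."""
    try:
        a, b = normalise(on_file), normalise(read_aloud)
    except ValueError:
        return "unreadable"  # partial or garbled reading: ask again, do not guess
    # Every digit must match; a single differing digit means a different key.
    return "verified" if hmac.compare_digest(a, b) else "MISMATCH"


if __name__ == "__main__":
    on_file = fingerprint(ALICE_KEY)
    print(on_file)
    print(check_reading(on_file, on_file.lower().replace(" ", "")))  # same key
    print(check_reading(on_file, fingerprint(SUBSTITUTED_KEY)))      # different key
    print(check_reading(on_file, on_file[:20]))                      # cut-off reading
```

A "MISMATCH" result means the key you hold was not generated by the person on the phone, so it should not be trusted until the two of you find out why.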

Other Encryption Software

  • Tor
    • Tor is a network of computers called 'onion routers' that work together as a proxy to obfuscate the source of traffic. This can be a very secure way to visit web sites anonymously if used properly.

http://tor.eff.org/overview.html.en

  • Scatter Chat
    • Scatter Chat is a fork of the Gaim project which uses Tor and encryption to encrypt a chat between two parties and obfuscate its source. If used properly, it allows people to communicate without any listening party knowing who is communicating, where the communication is coming from, or what is being said. It was designed by the Hacktivismo collective.

http://scatterchat.com

  • SSH Tunnelling
    • SSH tunnelling is a very powerful technique that lets you use a secure shell server that you have access to as a proxy for your internet connection. This can be done on Linux/Mac OS X with the standard SSH client and on Windows with PuTTY.