CryptoParty and Trust as a Tool

  • 28 October 2012

You have probably heard of the CryptoParty events spreading all over the world. The idea is to meet, have experts explain cryptography and tools using it to beginners, and to have some fun in the process. For someone using PGP (and now GPG) since its early days 20 years ago this is not very ground-breaking news. It’s long overdue and should have happened much earlier. Cryptography has been around for thousands of years, long before the Caesar cipher. Secrets are even older. The rise of PGP got cryptography going on „ordinary“ computers in 1991. The Cypherpunks would have been happy to have CryptoParty events, too.

Getting to grips with cryptography happens in stages. Your starting point depends on your interests and background. Some start at the mathematics, others start with the tools first. It really doesn’t matter, and there is no One True Way™ (a fact often lost to fanatics). Once you understand the basics, you can go on. There’s no requirement to do so, but when it comes to cryptography and its tools my recommendation is to dig a little deeper after mastering the threshold. The best opportunity is asking questions about levels of trust and the importance of keys. At this point you will realise that cryptography alone will get you anywhere if there is no solid level of trust between the communicating parties and if others have access (think copies) of the keys securing the communication. This is also the point where it gets complicated and uncomfortable.

Cryptography is hard to understand. Understanding trust, how to establish it and how to maintain it is even harder. True, there are a lot of tools that can help you to encrypt and decrypt stuff on your cell phones (the smart ones probably). Unless you are the only one having access to your cell phone, you will never be able to trust this device. The same is true for devices that aren’t properly secured and managed by third parties such as hardware/software vendors or application stores (or for the younger generation „app stores“).
You can think of your apartment as an example. You’ve got your keys, but if someone else has a copy of these keys or has build a second door to your apartment with separate keys, then your apartment cannot be trusted any more.

So if you dive into the Wonderful World of Cryptography™, please take time and patience to have a look behind the scenes. It’s not meant as an recipe to acquire paranoia, it really helps to understand trust. Your local CryptoParty experts will help you. Ask them.

Sorry, the comment form is now closed.

Top