Posts tagged with 'Teaching'

CryptoParty Observations

  • Posted on October 11, 2013 at 10:23 pm

The CryptoParty phenomenon is past its first anniversary. The interest in cryptography and secure communication has always been there. The existence of CryptoParty before Edward Snowden leaked the criminal practices of secret services around the world is a good indicator for that. The questions is if crypto flash mobs of tutors and students can make a difference. Cryptography has deep roots in mathematics (which can and have to be reduced to a minimum when explaining, remember that every formula in an article for a wide audience halves your readership). In addition most tools used for encryption are not point-and-click capable (which is partly due to the user interface, but the real reason is the fact that secure communication doesn’t feature an on/off switch). Too bad. Despite these difficulties CryptoParty events work somehow. At almost all local events here participants learned something, tutors did too.

A couple of days ago someone asked me for a „mini crypto handbook with just the essentials“. I have given this idea some thoughts, but I doubt that you can improve your data’s and communication’s security by a short laundry list of things to do or not to do. You might get to the point of encryption quite fast, but managing the keys and verifying the identity of your communication partner(s) is the most important aspect. Then there is the problem that once data is decrypted it tends to leave residue in clear text. Unless you use encrypted storage all of the time and everywhere there is a chance that traces of data will leak and stay without cryptographic protection. It’s a bit like dealing with radioactive material – always use secure containers and equipment.

Give the extra effort of security all of our lives will still have an „unencrypted component“. You cannot securely communicate with partners who do not support secure communication. Calling a taxi, ordering pizza, phone calls with friends & family, even communication with companies or public authorities are probably easy to intercept. Observing the communication of an individual or an organisation as a whole can therefore be very informative if the pattern of encrypted and unencrypted information is analysed. If you only use cryptography when important, then you betray the fact that something interesting is going on. Using cryptography indiscriminately would be better – if it were possible with every communication end-point. Intelligence services know this, so does everyone else.

There are not short-cuts, it seems.

Hacking

  • Posted on January 13, 2013 at 2:12 pm

I know a lot of people who hack stuff. Due to other activities I also meet people who want to learn how to hack. This is the fun part of teaching. You are being asked questions you cannot answer easily. While you can think all day about theories explaining what hackers do, you can stop doing this and get to the roots. Figuring how things work is a good start. All hackers do this, regardless of their colour. The late Aaron Swartz put it this way:

“Be curious. Read widely. Try new things. I think a lot of what people call intelligence just boils down to curiosity.”

You need a motivation to discover the inner workings behind a gadget, a technology or a simple observation. You need the ability to be observant, to combine facts, come up with theories, put them to the test and to get rid of them once you have a new one. You have to know how to ask sensible questions and think of the steps necessary to answer them. Most scientists do the same (go and read Richard Feynman’s The Pleasure of Finding Things Out if you are not convinced).

So how do you get to the point of finding things out? Well, you definitely cannot read the manual and be done with learning. Nothing works this way. The best you can hope for is to get a starting point. The rest is exercise and reading stuff again (stuff can be new or old, you won’t understand everything at the first time). It’s just like physical exercise. Start running, start swimming, start anywhere and see where you get. It’s just like craftsmanship. Get a tool. Use it. Build something. Sooner or later you will use different tools or build tools on your own. It’s a process.

Get it?

Top