Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] CryptoParty Handbook

Nick M. Daly nick.m.daly at gmail.com
Thu Oct 4 19:11:23 PDT 2012


Andrew Mallis <ows at ideograph.ca> writes:

> This 392 page, Creative Commons licensed handbook is designed to help
> those with no prior experience to protect their basic human right to
> Privacy in networked, digital domains...  Most importantly however
> this handbook is intended as a reference for use during Crypto
> Parties.

Andrew, this is great work.  I started reading it on the bus today and
found a few bits that could be updated or clarified.  The numbers are
page numbers.

- [ ] 5: Remove the link to opensourceecology.org.

- [ ] 7: "as many or as few as two people" - an incomplete thought.

- [ ] 12: add the "you've got no business in my business" argument:
      Privacy exists because part of the human experience is personal,
      intimate, even.  Robbing people of that devalues human life and
      experience.

- [ ] 21: give time values to password lengths and predictability.
      e.g.: a completely random 8 character password provides up to 12
      hours of privacy after your password is exposed, if attacked by
      one average blackhat [0].  Attacked by a script kitten?  Maybe
      longer, depending on the strength of their graphics card(s).
      Attacked by a nation-state?  It's probably seconds.

- [ ] 22: add grc.com/passwords as a link for fully random passwords.

- [ ] 25: Lower threatenable area: consider POP3 for your email to move
      it off the easily accessible servers as quickly as possible.  If
      it's inconvenient for you, it'll be even more so for your
      attackers.

Is there a preferred contribution method?  I didn't see one mentioned in
the PDF, but I probably missed it.

Nick

0: http://arstechnica.com/security/2012/08/passwords-under-assault/


More information about the liberationtech mailing list