[liberationtech] CryptoParty Handbook

Julian Oliver julian at julianoliver.com
Wed Oct 10 04:41:19 PDT 2012


Hey Sasha,

..on Wed, Oct 10, 2012 at 01:08:22PM +0200, Sacha van Geffen wrote:
> 
> congratulations with the cryptoparty book;
> 
> On 10/10/12 12:10, Julian Oliver wrote:
> 
> > Indeed the unchecked references to PPTP were unfortunate, imported from the book
> > Basic Internet Security (Gerber, Hassan, Stein, van Geffen, van Santen, van der
> > Velden, den Tex, Schmidt et al). It was trusted material. I don't think any of
> > us knew PPTP was cloud-crackable albeit we did know it was less secure than
> > OpenVPN (I'm doubly thankful I use OpenVPN on my own server!). It shouldn't have
> > gone into the first draft without appropriate warnings for fear of it being
> > misconstrued as endorsement of this readily breakable PPP tunnelling method.
> > 
> 
> In the introduction to VPN networks 'Basic Internet Security' says:
> "PPTP is one of the older VPN technologies. While PPTP is known to use
> weaker encryption than either L2TP/IPSec or OpenVPN, it may still be
> useful for bypassing Internet blocking and give some level of
> encryption. The client software is conveniently built into most versions
> of Microsoft Windows, Apple, Linux computers and even mobile phones. It
> is very easy to setup."
> 
> While it is easy to copy content to add to a book, (BIS did this from
> Security in a box and from Circumventing censorship) you should be
> careful when to do that. I do not understand why you did not just give a
> list of resources including the above mentioned and focus more on the
> Cryptoparty specific content.
> 

The book is a handbook, so it should contain the HOWTOs alongside introductions
to core concepts, threats, etc. There was a lot missing from Basic Internet
Security that needed to be covered for it to be a guide for real newbies. There
were also some tool areas not properly covered and/or unpacked for use at Crypto
Parties. Adam Hyde led the sprints of both books.

Some people at our last two CryptoParties didn't know what a server was, thought
the Cloud had something to do with satellite Internet while another thought
"email client" relates to a commercial client you send an email to. Even
'Operating System' needs to be unpacked as one person mistook the OS in OS X as
relating only to Apple. Another thought it was necessary to use Google to access
the Internet as he types each URL into the Google field, effectively using
Google search as a proxy DNS. The list goes on. Many that use and depend upon
the Internet find it utterly baffling. 

Your great little outline to PPTP from Basic Internet Security was simply
skipped in the intro to VPNs (Browsing section) and will go into the v1.1

Cheers,

-- 
Julian Oliver
http://julianoliver.com
http://criticalengineering.org


