Calculating entropy with Python.

Fun fact: There is more than one kind of entropy out there.

If you've been through high school chemistry or physics, you might have learned about thermodynamic entropy, which is (roughly speaking) the amount of disorder in a closed system.  Alternatively, and a little more precisely, thermodynamic entropy can be defined as the heat in a volume of space equalizing throughout the volume.  But that's not the kind of entropy that I'm talking about.

Information theory has its own concept of entropy.  One way of explaining information theory is that it's the mathematical study of messages as they travel through …

Read more...

Dominant discourse.

Since the NSA revelations began coming a couple of times a week for the past month, an all too common set of dialogues has been cropping up again and again and again in practically every forum that one would care to visit. While the discussion itself isn't perfectly replicated the overall pattern is. It goes something like this:


  • Brief description of vulnerability. Mitigating tactic.
  • Mention of a vulnerability elsewhere in the user's system.
  • Description of a slightly more esoteric vulnerability.
  • Use another system.
  • Encrypt everything.
  • Quantum computer.
  • Use Tor.
  • Tor can't protect against country-level surveillance.
  • NSA backdoor.
  • The NSA has …

Read more...

Cryptoparty presentation: GnuPG

Now that things have calmed down a little, I've finally had time to finish and post one of my presentations from the Washington, DC cryptoparty. My presentation on GnuPG is now available for download. If there is anythings that needs to be fixed in it, please let me know and I'll get a new release out.

Please bear in mind that this is a high-level lesson on how to use GnuPG, so you won't learn how AES works or how to implement SHA-1, because you don't need to know that stuff to sign e-mail or encrypt files. If you want …

Read more...

The DC Cryptoparty was a success!

A couple of weeks ago I announced that a cryptoparty would be held at HacDC in the first half of October. If you haven't been watching hashtags on Twitter, a cryptoparty is a party where people get together to eat pizza and learn how to install and use strong cryptographic software (like GnuPG and Truecrypt) safely. These parties began in Australia as a result of the government there passing a bill which requires mandatory recording and storage of all net.traffic, just in case someone living in Australia is doing anything illegal. Almost immediately cryptoparties began springing up around the …

Read more...

Announcing the Washington, DC Cryptoparty!

On 14 October 2012, HacDC will be hosting the first #cryptoparty in Washington, DC. Everyone in the DC metroplex who is concerned about privacy, anonymity, surveillance, stalking, journalism, or activism are invited to attend, regardless of your level of technical expertise or field of endeavor. At the #cryptoparty, experts will be on hand to teach you what you need to know to evade surveillance, protect your e-mail from eavesdroppers, protect the data on your hard drives and USB keys from theft, and communicate safely.

The #cryptoparty begins at 5:00pm sharp on 14 October 2012, so bring your laptops, smartphones …

Read more...

Canonical Wikileaks URLs and SSL certificate fingerprints.

Official Wikileaks document submission URLs:

https://sunshinepress.org/
http://suw74isz7wqzpmgu.onion/ (Tor only)

Source: /pictures/the_next_hope-2010/img_1624.jpg, taken 17 July 2010 at the keynote address. Image taken of Jacob Appelbaum's presentation slide.

Official SHA-256, SHA-1, and MD5 fingerprints of the Wikileaks document submission URLs:

SHA-256:
85:C3:77:8E:7F:BC:96:42:CF:EE:03:B0:AC:4A:2A:26:
15:18:CB:50:41:EC:7A:2A:CC:9F:56:60:67:94:04:7E

SHA-1:
68:C3:4B:3D:05:7A:53:E3:8C:FE:
71:F1:30:3D:8A:AD:8E:33:0A:76

MD5 …

Read more...

Prime Minister of England formally apologizes to the memory of Alan Matheson Turing.

For many years, Alan Turing was one of the lesser-known heroes of World War II. Born in 1912, he rose to prominence at Cambridge in the early 1930’s where he was eventually elected a fellow of the King’s College. Much of his work on computability, or whether or not a problem can be solved and the most effective methods of going about it if it can, is now considered 101-level stuff in comp.sci programs around the world. At the time, however, this work was revolutionary. Turing is best known for the hypothetical Turing Machine, a computing device …

Read more...

More advances in quantum cryptographic keying methods.

In slightly less technical terms, researchers at the Toshiba Research Europe facility in Cambridge, England have figured out how to make it harder for eavesdroppers to steal keying information from a quantum cryptosystem (registration required, Bugmenot has login credentials for this site). For an attacker to have a chance at breaking a quantum cryptosystem, he or she would have to splice a tap into the optical fibre which connects the two crypto units and record the pulses of light that encode the key used to encrypt the data. There are ways to use the principles of quantum mechanics to detect …

Read more...