Crypto as in cryptography

I am using the #STEM tag on this as it relates to technology that I am interested in. You can read about that 'tribe' here.

I have been interested in #cryptography for years. The whole concept that mathematics can provide us with ways to make data secure from snooping is just cool. Back when I started playing with PGP/GPG this was something just of interest to geeks, but it is now essential to everyone who uses computers for on-line shopping, banking and just keeping your activity from being generally snooped on. And of course it is the foundation of cryptocurrency. You need encryption and digital signatures to prevent your precious coins from being stolen or people cheating the system.

Me in my Gnu Privacy Guard shirt at Steemfest 3 with @detlev and @slobberchops.

I have had my current public key for a few years, but it is rarely used. Setting up the software and encrypting emails seems to be too much for most people, so they continue using emails that can fairly easily be spied on.

Something that makes it all a little easier is Keybase. This is an implementation of the encryption algorithms in a user friendly way and they have built various services on that.

You have one-to-one chat as well as Slack-like chatrooms that use end-to-end encryption. That means that hacking their servers would not expose what you have been talking about. They also provide:

• Public or private file hosting. You can share files are you might with Dropbox or Google Drive, but people can be sure that the files are actually from you. I used this ages ago to host my images for Steem posts before Steemit provided that.
• Encrypted git. This is version control as on GitHub with added security.
• Identity verification. You can place a signed message on Facebook, Twitter, reddit or other platforms to prove that you control those accounts. You can also verify your Bitcoin and other crypto addresses so people can send you funds with confidence they are not being spoofed.

There is are desktop and mobile apps as well as browser extensions.

It was interesting to read this blog by the Keybase CEO. His Slack account was compromised and decided there was a risk it was via an attack on his computers so he took the drastic step of scrapping them. There are ways to hack firmware and boot sectors that may not be easily detectable. If you are running a security company you have to be really paranoid. It turned out the issue was actually with Slack and had happened years ago. We put a lot of trust in internet companies to keep our data safe and they keep letting us down. In this case the data loss was not significant as he was using the Keybase chat for anything confidential.

Companies like Steemit have to be equally diligent about their security. @sneak wrote a piece some time ago about the length you should go to. Imagine if the keys to their main accounts leaked! Most of us could not deal with the sort of compromises required for that level of security, but you should be careful what you click on and install.

There are those who would rather we did not use good encryption. This week the US Attorney General said technology companies should provide backdoors to intelligence agencies, but this would be very risky. BTW You should follow what Bruce Schneier writes if you have any interest in security. We know governments leak data all the time and we could not know who was looking in. Which agencies would have access? Would data be shared with other countries? Australia has implemented laws that go too far in this regard.

Governments will argue they need to be able to monitor communications of terrorists, but there are plenty of open source encryption apps out there that they can use. That horse has already bolted.

Note that cryptocurrenices could be affected by this sort of legislation. We can send encrypted memos on Steem and they may want to tap into those. A main principle of cryptocurrency is that only you control your keys. Who wants to give that up?

Some of us remember cryptography export restrictions back in the 90s. Those outside the USA were supposed to use limited keys what could be cracked by someone like the NSA. Algorithms were printed off and put on shirts to bypass this.

Good encryption is hard to implement. Be wary of anyone who claims to have a new unbreakable system, especially if they will not share the source code. Algorithms need to be tested by independent experts and public code should not compromise security as that only depends on the keys. Modern hardware means they can be long enough to be uncrackable in the lifetime of the universe.

I am far from an expert on the inner workings of cryptography, but I can still play around with it. Feel free to hook up with me via Keybase. We can chat with their secure apps. There is a Steem channel, but it is pretty quiet. I have uploaded a file to verify a link between my Keybase and Steem. Unfortunately they do not yet provide a way to do this with signed posts as for other platforms.

Stay secure!

The geeky guitarist and facilitator of the 10K Minnows Project.

• I'll buy guitar picks for Steem
• Get a Wirex Debit Card to spend your crypto.
• Get some passive income with Mannabase
• Get paid to search at Presearch
• Battle for cards on Steem Monsters
• I have Steem accounts to give away to worthy people!