I attended the Stockholm Cryptoparty on Saturday the 16th of February. I was asked to give the opening talk, "Varför krypto?", to start off the day. My goal was to explain why cryptography should be used daily by everyone in mundane ways. The general topic was about how I watch kids using cryptography daily, without knowing it or without fully understanding the technical details behind it. This is ok. Kids chat a lot. When you introduce Off-the-record to their chats, they instantly understand that the chats are now private, and can be authenticated. The distinction between the two concepts is fairly easy to grasp, even if they don't understand the details of hashes, key exchanges, or ciphers. Once a few core people start using OTR, for example, then it spreads to their friends and soon you have networks of kids using OTR having safe and secure chats.
The simplest three steps people can take to begin using cryptography daily are:
- Use https everywhere in your browser.
- Use a browser password manager. KeePass is as good as any. The point is to keep username/passwords unique and complex per site/service. The next time LinkedIn or some major site loses tens of millions of passwords, you're protected because it's not the same username and password you used for your gmail, facebook, twitter, banking, and vkontact accounts.
- Use Tor for actions you want to keep private. Everything on the Internet leaves a trace. The world knows you're a dog online.
Thankfully, I could give the introduction in English and not have to offend the attendees with my poor Swedish. Linus gave a great Tor talk in Swedish. Overall, the day went well. We had huge pizzas and generally a great time. Many people were new to cryptoparties and new to cryptography in general. It was a great time. As an American, it was nice to see about 50% women attending. There were a number of younger kids learning about all of this too. The cryptoparties I've attended in the USA have been all men and the maybe one girlfriend or wife dragged to the event.
(Unfortunately, the camera recording my talk malfunctioned and corrupted the video. However, other images and videos from the day are available on our media server.
Thanks to DFRI, Sparvnästet, and iis.se for hosting the event and inviting me to attend.
i think keepass keeps passwords on your computer, whearas firefox sync keeps them in a server which is out of your hand.
You can set up your own Firefox Sync server if you want:
The source is open, and everything is encrypted client-side.
I have never seen any security review of it though. What's got me more concerned is the password store in Firefox itself, is the encryption (when using a master password) "good enough"?