What is crypto? Crypto means ‘hidden’, and it’s meant ‘hidden’ since before the Greek alphabet was written, but don’t let that stop you from arguing. For this week’s Hack Chat, we’re going to be talking all about cryptography, a medium of exchange for secrets. If you need confidentiality, integrity, or authenticity, you need cryptography.
Our guest for this week’s Hack Chat will be none other than Nick Sayer. Nick is a frequent attendee of the Hackaday meetups and he’s been building gadgets and gizmos and selling them on Tindie for years now. He’s given talks on design for manufacturing. This year, he designed and developed the Orthrus, an appliance that creates a cryptographically secured USB volume from two microSD cards. Basically, it’s like the Captain Planet team, only instead of rings, you need all the SD cards, and instead of Captain Planet, you summon your data.
For this week’s Hack Chat, we’re going to sit down with and talk about all things cryptography, including understanding what you need, what you don’t, and picking the correct tools. Items of interest will include:
- When cryptography is needed
- Cryptography tools
- The best practices for cryptography
You are, of course, encouraged to add your own questions to the discussion. You can do that by leaving a comment on the Cryptography Hack Chat and we’ll put that in the queue for the Hack Chat discussion.
Our Hack Chats are live community events on the Hackaday.io Hack Chat group messaging. This week we’ll be sitting down on Friday, November 16th, at noon, Pacific time. If time zones got you down, we have a handy time zone converter.
Click that speech bubble to the right, and you’ll be taken directly to the Hack Chat group on Hackaday.io.
You don’t have to wait until Friday; join whenever you want and you can see what the community is talking about.
” If you need confidentiality, integrity, or authenticity, you need cryptography.”
Hashing comes to mind.
Hashing in and of itself doesn’t validate authenticity, because you have no particular guarantee that someone didn’t also alter the hash.
Hashing is, however, the basis for HMAC, which can guarantee authenticity because no one can replace the MAC without knowing the “key” (effectively the shared secret that is added to the hash to make it an HMAC).
Hashing is a one-way algorithm. Encryption is a two-way algorithm. One-way algorithms are useful for authentication, while Two-way algorithms are useful for communication. Film at 11…
I like to say, “you can’t turn guacamole back into avocados.”
Well, unless you rot it down to fertilise your avacado plant ;)
simple, show me a arduino or digispark encrypted disk
one folder for writing one for receiving
This is doable, though it would be quite slow. The first iterations of Orthrus were done with SPI SD card I/O and Arduino-class controllers. It worked, but was too slow for the intended use case.
Looks neat. What are some example use cases for this?
Use cases for cryptography? I’m not sure I understand the question.
Oh, did you mean use cases for Orthrus?
I actually designed it specifically for my day job.
There’s a bunch of discussion about this in the comments of the Hackaday article that was written about it when it was up for the Hackaday prize: https://hackaday.com/2017/05/08/hackaday-prize-entry-secure-storage-on-sd-cards/
It’s so refreshing to see “crypto” being used properly these days. I think everyone with computing, mathematics, or linguistics expertise has given their cringing muscles a helluva workout over the last few years.
To be fair, cryptography underlies things like blockchain. You couldn’t have BC without asymmetric cryptographic systems (at least, not in any way comparable to what people usually mean).
But, yeah, words have meanings.
@nsayer: One of the best quotes about crypto I’ve ever heard:
Cryptography is a machine that turns the privacy problem into a key management/distribution problem.
(Overheard during a talk on Threema, a private messaging platform, and probably misquoted…but you get the point.)
Well, PKI has been a revolution in key management, but the downside is that it has just reduced the problem to correctly deciding where to delegate trust (as opposed to having to solve the trust question with *every* key).
Overriding everything is the overarching problem at the heart of all security: correct threat modeling.
You don’t have to outrun the bear. You just have to outrun one person who is also running from the bear.
HACK CHALLENGE
3CwM9FaWeXdRzApFN31y4ZMgQHWqm3PAqp