The BetterCrypto Project started out in the fall of 2013 as a collaborative community effort by systems engineers, security engineers, developers and cryptographers to build up a sound set of recommendations for strong cryptography and privacy enhancing technologies catered towards the operations community in the face of overarching wiretapping and data-mining by nation-state actors. The project has since evolved with a lot of positive feedback from the open source and operations community in general with input from various browser vendors, linux distribution security teams and researchers.
This talk highlights three years of community collaboration on a 100+ page document that has been continuously evolving via mailing-list discussion and GitHub Pull-requests. We will provide a few metrics and see what kind of discussions were previsional back when we started out.
We will review novel attacks against TLS and other crypto protocols as well as leaked information on classified cryptanalysis have appeared over the last three years and compare how our guide compares against them.
While the project has been going on for three years, there's regularly renewed interest as soon as new attacks or publications on quantum computers show up. The upkeep and continuous improvement of the project are paramount and every person we can get to help us with their expertise is an improvement for the document.
We will discuss further project development and ideas towards continuous integration and testing of the project's recommended configurations as well as new threats on online privacy to be mitigated in the future.
I am self-employed and primarily do engineering work, consulting and research on IT Infrastructure Architecture, Operations & Development, High Performance Computing and Information Security. For more information visit lambda: resilient.systems.
In 2013 I joined the amazing BetterCrypto team in a collaborative effort to write a solid guide for sysadmins and management towards hardening of crypto settings in networked services and appliances.
I currently also work as a researcher at SBA-Research working on network security, applied cryptography, conducting Internet-wide surveys, attacking protocol implementations and proliferating cryptography.