London 29Sept2012

From CryptoParty
Jump to: navigation, search


CryptoParty London 29th September 2012

Our first CryptoParty London held on Saturday 29th September 2012 at Google Campus

Slides & Presentations from CryptoParty London


Private Conversations Over Instant Messaging (OTR/Pidgin/Adium)

Encrypting Emails (PGP/Enigmail/Thunderbird)

Disk Encryption (Truecrypt)

Privacy Protected Browsing (Tor Browser Bundle)

  • [Slides]
  • Screencast Video

Anonymity Techniques

Oyster Travel Card Swap

A London specific, easy, non-technical Anonymity technique would be an Oyster Travel Card swap at the London CryptoParty.

Participants could simply swap the prepaid Oyster Travel Cards that they have brought along to the CryptoParty (not necessarily the ones they actually used to travel there) with other attendees.

Any major differences in stored value left on the Oyster Cards should be settled up between participants.

N.B. the Transport for London databases are handed over to the Metropolitan Police, "in real time, in bulk", a process which the former Labour Home Secretary Jacqui Smith made exempt from the Data Protection Act 1998 by Ministerial Order, something which the current Conservative Home Secretary Theresa May has not bothered to cancel.

Swapping Oyster Travel Cards will not deprive TfL of any actual passenger travel statistics, to help them plan their network and timetables for Buses or the Tube, but it will help to anonymise the database(s) against public and private sector snoopers.

Mobile Phone Swap

The Communications Data generated by mobile phones is of three types - Location, Friendship tree (or suspect list of co-conspirators) of which number called which other number , when and for how long and your Subscriber Details.

  1. Buying an "anonymous" pre-paid mobile phone only protects your anonymity from the central registration of Subscriber Details i.e. name and address.
  2. Expensive, high end smartphones are as powerful as many computers and some models e.g. Apple iPhone attempt to track your usage and identity, especially if you purchase ring tones or music online. Others, like Google Android based phones make a virtue of their Location tracking capabilities. All of these have their uses, but present dangers to a whistleblower trying to contact a journalist or blogger or other intermediary to set up face to face meetings or to arrange whistleblower document deliveries or drops. These phones can cost hundreds of pounds, so they are not usually viable as disposable "burner" phones, unless you are also involved in drug dealing or have a corporate expense account.
  3. Buy a basic, cheap pre-paid mobile phone from a supermarket etc.. e.g. VX1 Party Phone unlocked Credit Card sized basic mobile phone Samsung GT-E1080i -a very basic voice and SMS only phone with a long battery life, available for just £9.97 including a free SIM card from one of seven network operators / billing services available from the larger Tesco supermarkets.
  4. You can buy a new pre-paid Mobile Phone from, for example, Tesco or Sainsburys etc., for as little as between £10 to £20 pounds

More details here

Lightning Talks

  • "Dog Ate My Crypto Keys" - Whole Disk Encryption
  • [Flash memory forensics to recover a changed TrueCrypt container file]
  • [Greatest Common Divisor, Graphics Processor Units & 1024 bit Public / Private Keys]
  • UK Legal Aspects of Cryptography & Anonymity (.ppt) (.pdf)

    "Privacy is the power to selectively reveal oneself to the world."
	- Cypherpunk Manifesto, 1993.

    Data retention, wiretapping, interception, stalking.. Make it 
    really f&*^ing hard for them!

CryptoParty London

Date - Sat 29th Sept

Saturday 29th September, 2012

Time - 6pm start

6pm till 11pm

Venue - Google Campus

Google Campus: Ground Floor
4-5 Bonhill Street
London EC2A 4BX
This is about midway between Old Street and Moorgate Tube stations (slightly closer to Old Street)
Directions to Google Campus on Google Maps

Registration - Register here - now full, but there is Waiting List

This will be a free event, but you will need to register your intention to attend, so that we can keep within the capacity limits of the venue.

How many people will use a pseudonym, perhaps something like Charles Farr ?

N.B. the Registration limit of 125 has now (Monday 24th September) been reached !

You can still use this Eventbrite form to be added to the Waiting List (now with over 30 people waiting for ticket cancellations)

Register here -

Existing free ticket holders - please notify us via if you cannot make it to the CryptoParty on Saturday as you hoped, so that we can allocate a place to people on the Waiting List.

What to bring with you

  • Your Eventbrite printed ticket, or at least the ticket reference number - the event is fully subscribed, so unless you can impress our Social Engineering / Blagging experts, you won't get in without one.
  • An open mind
  • A sense of humour
  • Laptop computer and charger (at your own risk) ideally with a fully charged battery. There will be quite a lot of electrical power points and extension bars for recharging, but perhaps not, not if everyone brings multiple devices
  • SmartPhone and charger (at your own risk) ideally with a fully charged battery or spare batteries (remember to set this to silent or vibrate during the presentations)
  • Rainproof clothing / umbrella (check the weather forecast)
  • Food & Drink - we are commercially non-aligned so no commercial sponsorship (at least for this first event)
  • If you want to participate in the CryptoParty Bring & Swap session, to help to confuse your digital communications and transport data trails, then bring along some PrePaid Oyster Cards, free / cheap mobile phone SIM cards, cheap prepaid mobile phone handsets or just some free webmail or social media usernames and passwords etc. which you can swap with other attendees.
  • micro SD card reader for the flash memory forensics workshop
    nwtrjAIfDIYMqmooaof7YgsxgLz+ZcU| |Jh751ms0wkds3Snl+6qBy/3HnI48qb
    jnjkjdadap/ __| '__| | | | '_ \| __/ _ \n98sau98u98a98798782hiuh 
    jxxccdsad| (__| |  | |_| | |_) | || (_) |a86K2Mzwj+99uhjk1hj1hjs
    akjskm098h\___|_|   \__, | .__/ \__\___/jd99s0a9l0990a7+dsaknad7 
    S8618Nmjsk8amJndpoqkjlnd8751nj98SNJDkZnMma| |nmMALKnAPOQIuuKNMCD
    Zn18LOomsklnma87891ncmn4I| '_ \ / _` | '__| __| | | |BhaLkw8JhGa
    shJkLKjkalk12/+1dsVcfgDsS| |_) | (_| | |  | |_| |_| |Nz87893oihj
    M09A8KaNma187HJkadnM+sdVf| .__/ \__,_|_|   \__|\__, |10Kla+4lsdN
    fuREsMg69| |8TmZum4kdCxwg5Q0Azp| |EdlyW98PR7gLSwj6EmkslgGcnyChFv
    tnCMEPf61| |M+u/ ___  _ __   __| | ___  _ __ JgkQKBgB5KCUjrVMG8x
    icZ+zUTGc| |    / _ \| '_ \ / _` |/ _ \| '_ \hOCzlzV+zWvpLbO/slx
    CIhi+aLMW| |___| (_) | | | | (_| | (_) | | | |Pt+je5KTbXzpyjxoAW
    N9Pw0/LxQ\_____/\___/|_| |_|\__,_|\___/|_| |_|LxXsgtipa1WEpdKguv
    -----END RSA PRIVATE KEY-----


From CryptoParty article by Parker Higgins of the EFF

"...a set of global get-togethers where more experienced users can teach beginners how to use the commonly available tools that tap into the incredibly powerful technology of cryptography. I hope that a beginner walks away from a #CryptoParty with an understanding of not just PGP, OTR, and the like, but with an idea of why threat models are important, what attack vectors she ought to consider, and — most importantly — a network of people and resources she can contact for even more knowledge."



  • @CryptoPartyLond (the offical twitter account for the meetup)
  • @samthetechie (just a random electronic engineer / geek trying to help make this meetup awesome, member of London Hackspace)
  • Crypt (just another geek from LHS)
  • @lamoustache (IT Smooth Operator)

CryptoParty London should be of especial interest to investigative journalists and politicians and human rights or civil liberties activists, almost none of whom use Cryptography or Anonymity tools and techniques.

  • PDJB: wanted: basics of PGP, offered: basics of Truecrypt


CryptoParty London is still in the planning stages. We are looking for a location and are looking for people willing to teach. More as the situation develops.

We would like to do hands-on workshops or give talks on:

  • Threat Models - what sort of data are you trying to protect against how well resourced and motivated an adversary ?
* United Kingdom surveillance & snooping laws [Mark]
  • Privacy / Confidentiality tools & techniques

PGP/GnuPG Public Key Cryptography software installation on multiple operating systems

      • Key generation & use
      • How long / strong a passphrase ?
      • Publishing Public Keys, how and where e.g. PGP Key Servers,
        • How to format the display of a PGP Public Key block in a web page
      • Verifying PGP/GPG Digital Signatures

Truecrypt and LUKS

      • Software download, verification and installation on multiple operating systems
      • Choosing which Cryptographic Encryption Algorithm and which Hash function
      • Full Disk or external Device Encryption
      • Encrypted container files mountable as logical disk drives
      • USB flash memory pen drives, digital camera and mobile phone memory cards, Read Write CDs or DVDs
** SSL and authentication [@lamoustache]
*** Checking the validity of a web server Digital Certificate
*** HTTPS Everywhere

Anonymity / Pseudo-Anonymity tools & techniques

** Tor and the Tor Browser Bundle [Runa]
*** Tor Hidden Services anonymous publishing
    • Open Proxies
    • Public WiFi
      • changing the MAC address of your WiFi connection

Voice Over IP (VoIP)

      • pros and cons of Skype
      • pros and cons of Mumble

Virtual Private Networks (VPNs)

    • Private or Commercial VPNs - pros and cons
    • Microsoft PPTP (avoid if possible, or tunnel something else through it)
    • OpenVPN
    • SSL VPNs via your web browser
    • Remote Desktop sharing
      • Microsoft
      • Apple
      • Web based Remote Desktop e.g. free version of LogMeIn

Mobile Phones - 2G, 3G & Apple & Android & Blackberry SmartPhones

    • Anonymity - Communications Data retention and analysis
      • mandatory for / by Law Enforcement & Intelligence Agencies
        • Call Detail Records / Charging Detail Records & Location Based Services, Friendship Trees via Data Protection Act section 29 Single Point of Contact
        • IMSI Catchers (may not be legally authorised)
        • Silent SMS pings
      • voluntary (but hard to escape) e.g. Google Latitude, Two Factor Authentication of Google or Twitter accounts etc.
    • Messaging
      • SMS text messaging (no encryption except over the air)
      • BlackBerry Messenger (1 global DES Key handed over to various Governments)
      • Smartphone Messaging Apps
      • BlueTooth
      • WiFi
      • GPS satellite location
      • Exif meta data in mobile phone camera images

Mobile Phone Anonymity techniques

      • Prepaid "Burner" Phones
      • Why swapping a SIM card in a mobile phone handset does not stop you being tracked
      • IMEI reprogramming (illegal in the UK !)
      • call forwarding through GSM Gateways & Private PABX
      • Smartphone VoIP Apps e.g. Burner App for IPhone
      • Fuzzing your Location Data Services
        • Vodafone ClearSignal 3GPP FemtoCell and a VPN tunnel
        • Directional antenna to connect to a more distant Cell
        • IMSI Catcher detection
    • Privacy
      • independently Encrypted SMS Text Messaging e.g. TextSecure
      • independently Encrypted Voice Calls e.g. OSTel, RedPhone or custom encrypted handsets like CryptoPhone
      • BlackBerry Enterprise Server (BES)
        • private / corporate BES
        • BES shared via Mobile Phone Network or third party provider
      • VPNs through Mobile Phone data connections
      • PIN codes
        • Voicemail - remember the ongoing News of the World scandal ?
        • Screen lock - often enough to stop casual illegal snooping through your Contacts and stored SMS messages
        • SIM lock
    • Mobile Phone "beeping" - pre-arranged messages via unanswered phone calls after a set number of rings - The Rules of Beeping: Exchanging Messages Via Intentional "Missed Calls" on Mobile Phones
  • Minimizing your digital footprint
  • Surveillance & Counter-Surveillance

CryptoParty Bring & Swap [Mark]

The idea is act as a "cut out" to confuse the forensic data trail leading back to the original purchase or set up of various communications  
(and travel) tools. Obtain these beforehand and then swap items of equal value with other CryptoParty attendees.
** Oyster Travel Card Swap - Prepaid Oyster Card £5 deposit + £5  minimum top up = £10
** Pre-Paid SIM Card Swap (free or 99p)
** Pre-Paid Mobile Phone top up vouchers - minimum £5 T-Mobile, £10 other networks
** Unlocked cheap "burner" mobile phone handset - (£15 - £20)
** 3G data dongle e.g T-Mobile £20 + credit
** Free webmail or social media account setup - Swap the username and initial password with another CryptoParty London attendee.
* workshop/talk/challenge on flash storage,forensics,truecrypt. [John]
** Bring a micro SD card reader 
* short lightning talk entitled "Dog Ate All My CryptoKeys" 
- an overview of whole disk encryption solutions, how they work and most importantly where they can fail - by @hackerfantastic

Want to do a workshop or a talk?

Want to do a workshop or a talk? Add it to this list. You don't have to put your name down, but please ping the organizer and other contributors to help keep everyone informed. The recent organising meeting set out a structure for the first meeting here This is meant to be a rough structure and is subject to be change, but should give a rough idea of what we aim to achieve with the first Cryptoparty


The threats to our privacy and security from government, corporate and criminal snoopers are especially great in the United Kingdom.

See the Written Evidence to the Parliamentary Joint Select Committee on Draft Communications Data Bill (.pdf] for warnings by technical and legal experts which contrast with the complacent, secretive, technologically incompetent surveillance state policy makers.

Normal, non-technical people need access to basic, practical Cryptographic and Anonymity software tools and techniques with the help of friendly, experienced users and experts.


Bring a laptop and yourself. We will post where all applicable updates are so you should install them before you come to the party. Do not bring removable media to pass out to attendees, by definition it can't be trusted. All software will have to be downloaded and cryptographically verified (don't worry, we'll teach you how to do that) by the attendee.


CryptoParty London will comply with the common sense, common courtesy, mutual respect policies set out by the London Hackspace and Google Campus venues and CryptoParty in general.

Mobiles phones should be set to silent or vibrate during talks.

Journalists are very welcome to come and learn, but please obtain people's individual consent to interview, video / audio record or photograph them, or their computer or phone screens or keyboards.

Undercover Covert Human Intelligence Sources (CHIS) are also welcome to come and learn (by definition, we cannot stop you) - at least buy us a beer on taxpayer or corporate funded expenses.

Spread the word

Please publicise CryptoParty using other media apart from Twitter (you can link to @CryptoPartyLond) e.g. blogs, email lists, FaceBook, discussion forums, word of mouth, letters to your local newspaper etc.


Event Brite


Email Lists

Contact Details

If you can contribute good graphic designs for London specific logos etc. or technical talks or can mentor non-technical people in the hands on workshops then:

a) Please ping @samthetechie, @crysison and @CryptoPartyLond via Twitter to collaborate on material and prepare for the event.

b) Use the Talk London Discussion page on this wiki

c) Please CC email to PGP Key ID: 0x54828CAA

d) Email:

PGP Key ID: 0x8997F1B8

Version: SKS 1.1.0


Personal tools

../images/crypto2.png);" href="/wiki/CryptoParty" title="Visit the main page">