This is an old revision of the document!

Crypto-anonymity knowbase

Crypto-anonymity knowbase
founder: overdrive
depends on:
interested: ruza
software license: -
hardware license: -
status: active

Aim of this project is to create knowledge base for everybody who need or want to behave in secure way, because “Informations want to be free!” but “Privacy does matter!”

I [we] want to collect all privacy and cryptography related projects of BRMLAB here, too.

Do not hesitate to contribute.

TODO: - at the moment all

Totaly basic and practical HowTo

Certainly, I don't run the NSA, but it doesn't take much more than a middling operations professional to tell you that exception processing is the key. Attacking this stuff is a question of priorities.

Though experiment: What order of difficulty would you assign:

  • Compromising a vendor (including keys and users passwords- which might be reused).
  • Injecting poor RNG (with vendor cooperation).
  • Stealing a master key.
  • Stealing a session key.
  • Stealing a password to master or session key.
  • Dictionary-attacking a password.
  • Brute-forceing a weak password.
  • Compromising an endpoint.
  • Compromising a physical machine.
  • Rubber-hoseing a password.
  • Brute-forceing a strong password.
  • Brute-forceing a weak key.
  • Brute-forceing a strong key.

Talks & Events

Privacy oriented OS distros

Crypto / Anonymity networks


Multi-party Off-the-Record Messaging

  • - Schleuder is a gpg-enabled mailinglist with remailer-capabilities. It is designed to serve as a tool for group communication: subscribers can communicate encrypted (and pseudonymously) among themselves, receive emails from non-subscribers and send emails to non-subscribers via the list. Schleuder takes care of all de- and encryption, stripping of headers, formatting conversions, etc. Further schleuder can send out its own public key upon request and receive administrative commands by email.

Configure email for Multi-party messanging

Have a server with a master key that decrypts incoming mail, re-encrypts with board members' individual subkeys? If it *has* to be the same email account, does it support IMAP? If so, IMAP behaves like a folder; you can take stuff out, and put it back in again. A Python script could be written to scan over new mail, remove “master key” mail and deposit “subkey-re-encrypted” mail. When members access the mail, it will usually have been accessed, re-encrypted and replaced with one they can decrypt. If not, they'll have to wait a few minutes and try again.


Useful Software for different platforms



What to do, when police come/summon you

Police in democratic-law following country play a game with you, they are sure, you are afraid and unsure of law and situation, keep it in mind This howto is based on Overdrive's experience, not really universal

  • keep in mind, that you are suppose to but you must pay visit of em' if cops summon you not testyfy [according Czech law]
  • do not afraid and be sure of what are you talking about
  • do not tell them anything, they are not asking directly, yes, now or I do not know is answer too
  • do not carry electronic devices full of data with you [if possible]
  • lawyer number in wallet could be usefull, in case you go to prisson, debts are no prob., in case he will help, you will get some money to pay
  • do not do small-talks with cops, even personal talks will allow them to get a lot more info, than you recognize at first [kind of good/bad cop game]
  • to not play cheeky monkey, do not try to outsmart them, do not by aggresive just cooperate, but minimally

this howto is ment for moments, when they want something from you, in case you need them, use it is oppsite way [not only last point ;]

Useful/BRLABERS Public Keys

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki