...may know when we're streaming. Okay, I'll go ahead and start streaming and let you know. Okay. Okay, we're live.

Hi, everyone. Welcome to the April 2020 edition of Wikimedia Technical Talks. The Technical Talks is a monthly series where speakers share their knowledge of technology used on Wikimedia projects. Members of the community are encouraged to propose talks and participate, and you can learn more about these talks on the mediawiki.org page, which is linked in the description on YouTube. Today's speaker is Lars Wirzenius, a senior software engineer at the Wikimedia Foundation. Please feel free to share questions for Lars through the YouTube livestream and through IRC on the Wikimedia staff channel. When Lars has finished with his talk, I'll share your questions with him. If there's a question that we can't get to or need more context for, we'll follow up with you after the talk. So without further ado, I'll hand it over to Lars.

Hello. I will start by saying a couple of words about myself. I've been working at the Foundation for a little over a year. I am not an expert on cryptography, which, considering the topic of the talk, is a little bit of a surprise, but I've been playing with PGP and related technology since 1995. And for a little while, I maintained PGP, the package, in Debian in the mid-90s. But without anything else. The goal of this talk is to talk about why cryptography is important and how it works, conceptually, if not with deep math. The math is the thing I don't really know. To me, it's magic, but I can go through that for myself if need be; I just don't want to confuse other people. And then a little more specifics on how to use these tools, and then follow-ups.

So why would anyone attack any particular person in the current audience? The vision is usually that you might be important. You might be the president of Russia, and that's important. Or you might have important data.
You might work for the Wikimedia Foundation and need to have on the computer some personal information about people who use Wikimedia. And the government of China might be interested in that. Or you might have a really powerful laptop and someone might want to use that remotely. Or it might be that you're not important, but someone might want to get at someone else via you. So for example, if your boss, if the Foundation ED Katherine, trusts you and believes everything you say, then you become much more valuable as a target. Or it might just be that you're an easy target. I know how that feels.

And there are various ways of doing attacks. An attacker might pretend to be you, or might pretend to be someone else to you. Impersonation is the word. They might falsify files that people download. So the MediaWiki tarball release, for example, which is used by NASA. And if NASA is an interesting target, then tampering with the MediaWiki tarball release is a way to attack them. Or it might be that someone just wants to eavesdrop. And I'm sure there are other attacks, but those will do.

There are all sorts of attackers or potential attackers. There might be governments, law enforcement or espionage organizations in any country, not necessarily your own. They might be a large private organization, like, say, a huge multinational corporation. It might be a criminal organization, and so on. Or it might just be that someone has too much time.

And one of the primary defenses here is then cryptography, especially widespread use of cryptography, so that you don't stand out when you use cryptography. And the most common example of that today is HTTPS, which is now almost everywhere. And it is considered bad form for a website to not provide its contents over HTTPS. Apart from cryptography, there are also other tools that can be used, and training to use them and do things; the words infosec and opsec are used here, so related. And in general, I would have it...
All the things you've ever seen in a spy movie apply, although sometimes they apply in reverse. So don't do the things that spies do in the movies.

Security is difficult. Perfect security seems to be a fantasy, but there are levels that are important. And I like to compare this with driving a car. So if you just need a car so you can go to the grocery store and buy food, although that might be a bad example right now... But for driving for an emergency, you need a different kind of driving than if you drive for Formula One. And you can't even sit in a Formula One car until you've gone through a whole bunch of driving training. And the problem with all of this is that if the attacker is sufficiently motivated or well-funded, they will win. And that's not good news for anyone.

So everyday uses of cryptography... It sounds like something that only spies in movies care about, although cryptography in movies tends to be a really bad thing. They always get it completely wrong. I tend to... Sorry, I tend to sign all my email, especially personal email, not because I'm a particularly valuable target, but I think it's a good habit to have. I occasionally encrypt important email, email about things that are not supposed to leak. And those tend to be very personal issues, either for me or for the other party. I sign git tags so that the release is fixed and it cannot be modified and it cannot be falsified. I sometimes sign commits as well. That would be something that I think would be good for more people to do. Software releases should be signed so that downloads can be verified.

So modern cryptography knows two kinds of cryptography. There's symmetric, which is the traditional one, and asymmetric, also known as public key cryptography, which is the new invention. In symmetric encryption, you have one key, and you both encode or encrypt and decrypt with the same key. So the secret stays secret only as long as you've shared the key.
And this is very, very strong, except how do you transfer the key to the other party? Say I make a tarball release of MediaWiki and I encrypt that with a symmetric encryption key, and anyone who has that key can verify that my file is correct. But if they need a key to decrypt that, or if they have that key, they can make their own tarball release, and then there's no security. So that's not good.

In asymmetric encryption, there are two keys and they are linked. And they are linked so that if you encrypt with one key, you can only decrypt with the other key. And vice versa. So the same key that you use for encryption cannot be used for decryption. And this is called public key encryption because one of those keys is usually called the public key and the other one is the secret key. And the idea is that anyone can have a copy of the public key, and only I have a copy of my secret key. So if I make that tarball release, I will sign it with my secret key, and I will publish the tarball and the signature. And anyone who has my public key can verify the signature, but they can't make a new signature. So the so-called key distribution problem is much, much simpler.

Public key cryptography was first publicly invented in 1977. That's not a very long time ago. I was in school by then. It was supposedly not the first invention of that technology. The British encryption people invented it in the 1950s, but they decided it's too useful for them to ever tell anyone. So they don't really get the credit. The invention of the RSA algorithm in 1977 and the publication of that basically started the non-government cryptography research. And the whole field exploded in the late 70s, early 80s. And it happened that in 1991, someone who was concerned about, I think, anti-nuclear demonstrations, wrote a program called Pretty Good Privacy, or PGP. And that was the first implementation of public key cryptography that was popular and freely usable by anyone.
I'm sure there were other implementations, but this one became really popular. And PGP then caused another explosion in popularity. And throughout the 90s, the US government especially, but also other governments, wanted to combat this. They did not like people having secrets. They tried to do this by, for example, having export restrictions on cryptography. Very early in the 90s, they were supposedly worried that the Soviet Union would have encryption, but I'm not getting into that now. It's a wrong story. But basically, from the early 90s, the United States wanted to curtail the use of encryption.

But even so, encryption is so useful and so important that people started using it anyway. In 1995, the Secure Shell, or SSH, and the Secure Socket Layer, or SSL, were both first launched. These allow strong encryption, public key encryption, to be used across network connections. And now the crypto wars got worse. And the US export restrictions meant that you could have encryption and you could export encryption, but the exported encryption should be so weak that the US could break it. If the US can break it, then basically anyone else can as well. Anyone with a bit of money. This did not stop crypto from becoming more and more popular. And some of you may have heard that mobile phones encrypt their data now. And iPhones have been doing that for a little longer. And the FBI keeps saying that they can't combat crime at all because criminals use iPhones and they can't open those. So we are now living in the second crypto wars.

So SSH and HTTPS are used everywhere. Anyone who administers Unix machines, Unix servers, uses SSH. All the other ways of doing that are so insecure that nobody wants to use them anymore. These are for transfers. So we call it data in transit. So while data moves across the internet, nobody can read that. They do not, however, guarantee that the data you get over HTTPS is what the person who made it available on the web meant you to have.
Because if the server that serves the page or this file, if that's breached, someone breaks in there, then HTTPS cannot guarantee that the data hasn't been tampered with before it's sent over HTTPS. For that, PGP is still one of the most popular tools.

As it happens, the original PGP software was sold and bought multiple times. And it became proprietary, no longer free to use. So free software hackers wrote a version called GnuPG from scratch. And it has basically replaced the original PGP. But because interoperability is important, they then also wrote a standard called OpenPGP, of which GnuPG is just one implementation, although the most popular one. And there are implementations of the OpenPGP standard for all popular computer operating systems, possibly mobile phone systems as well. I haven't actually checked. And PGP is good for data at rest. It's also good for transfers. So if you encrypt the file, you can transfer the encrypted file over a non-encrypted channel. But more importantly, even if you use HTTPS for transferring the file, the PGP signature verifies that it hasn't been tampered with.

I will now do a demo, which will traditionally break. As you know, I figured out how to use... To, and then I will switch to my other window. That should look like a terminal window. Can someone confirm in chat? Yes. Thank you.

So the first thing I will demo is I will show how to generate a PGP key with GnuPG. I have the software installed. This is a Debian system, since I'm a geek and I don't use Mac or Windows. But that's the command. This generates a new key using a quick approach. So it asks fewer questions, for a made-up name with a real email address. And I'll get back to why the made-up name is important. And then I say, yes, it should do that. Everyone, please look away. I'm typing my password. Okay, that did not work. Okay, so now it generates a key. I have a key, and this command will... The capital K option shows the private key.
It tells me that I have a key. This part, the long hexadecimal number, is called the fingerprint. That's the best identifier for the key. And the other part tells me the algorithm and key size, and when it was created and when it expires. I'm going to ignore all of that for now. The important bit is that we have a key. And then you may notice that I was able to set a name that I chose; as far as I know, there is no person of that name. So GPG has no way of making sure that this key belongs to a person who actually exists. This downloads my actual key, which looks like gibberish, which is intentional. The key as such is not meant to be human readable. And then I'm importing it. GPG maintains a key ring, as it's called. And one can import other people's public keys to the key ring with that command. You don't need to make note of all these commands. There are excellent tutorials all around the internet.

So I have imported the key. And it tells me that someone called Narciss Enus has that key. And then I can list all the keys; I have all the public keys. That's capital K, list of secret keys. So there's the one I just created. And this is my other key.

And the interesting part here then is: how do you know which key belongs to which person? Since anyone can create a key and they can put in any person's name, any name they want there, also any email address. GPG has no way of checking that. There is a procedure called signing keys or certifying keys. And that means that I can ask this Florenceus person... I can verify that this key, which is my real key, belongs to this person. And I ask Florenceus to certify that this is so. And then anyone who knows Florenceus and trusts them to be honest can trust the key. And if anyone actually knows Florenceus and thinks they're honest, I have a bridge to sell you. And one can sign... So any key can be associated with any number of names. I don't want to sign all of those.
I will only sign my Wikimedia address. And then I sign it, and it tells me the fingerprint, which I should verify very carefully, and the name and email address, which I should also verify carefully. So I, as Florenceus, should go and meet this Lars person and verify in person, or in some other way, that the fingerprint is theirs, and also verify their identity. And this can be done in various ways. And the important bit is that I, as Florenceus, need to be convinced that this person is the person they claim to be. And yes, I'm very convinced that this is the person. And I have signed the key, and then I will save it. And if I list the signatures, I can see that Florenceus has actually signed that key now, which is nice of Florenceus. But now Florenceus has a signature locally, and that's fine, except it's of no use to anyone else.

So what happens then is that Florenceus exports the key from... sorry, I am missing a step here from my notes. So let's go back. So Florenceus exports the key from the key ring into a file. This is what it looks like. It has some information saying it's a public key, and then a little gibberish. We don't need to worry about that. And then the idea is that Florenceus encrypts this file, which has Florenceus's signature on Lars's key, and then... this is the encrypted file. It says PGP message, and I have no way of decrypting this unless I have one of those secret keys. It has been encrypted for Lars and for Florenceus. So if Florenceus... they can see the public key block. An encrypted message can be encrypted to any number of recipients, which is very handy if you want to talk to many people. But so we have an encrypted message, the .asc file at the end. And if we give this file to Lars in some way, then only if Lars... so basically, if you email this to Lars, then this verifies that the email address also works. If Lars can decrypt the message sent to the email address, then clearly the address works.
However, since I don't want to actually go via email, I'm going to pretend that that can be done. I just copied the file somewhere where Lars can find it, and then we'll see if Lars can actually find it. Yes, Lars can decrypt the message. Excellent. So Lars can then copy-paste it from another window. So the first part of this command decrypts the message, and then it feeds that decrypted message to GPG import so that the signature can be imported. And yes, we imported one new signature. The idea is that our entities basically need to find every email address of Lars and send it separately to each of them, and this verifies that all those email addresses work. If that sounds like a lot of work, you're entirely correct. Luckily there are two links to help.

Let's try something else. Let's create a secret message and sign, not encrypt but sign, that with clearsigning, and it looks like this. This is the secret message, and if we copy that file to the temporary directory so that Lars can see it, then this is the secret message, and we cannot check the signature because there's no public key. So what we do is we export our entities' key. That was not what I meant to do. This copy-pasting thing is difficult. We import the public key and we decrypt the message again, and now we have a good signature. But Lars has not signed our entities' key, and GPG doesn't fully trust the signature because it can't verify the identity. It can't verify that the identity is trusted, but it tells you that the secret message is there. However, if someone modifies the message while it's in transit... so, a perfectly reasonable message; it has a lot of PGP gibberish around it, so it must be valid. However, if the recipient does this, PGP will tell me that the signature is bad, because I modified the message without generating a new signature, and therefore I can't trust the message. This is a different case from: I can see that the signature is good, but I can't trust the identity.
So that's the thing that needs to be able to be done so that communication over the internet is not vulnerable to attackers, especially attackers who want you to change passwords. That was a quick demo.

So the next thing you should do is make a key if you don't already have one, and then get it signed by your coworkers or other people using PGP. I'm not going to go through all the steps in extreme detail because there are guides online. There are two links on those PDFs if you want to try those, and if you have trouble with any of this software, then ask for help; there are plenty of people in the Foundation who know how to do this, and possibly we could arrange some hands-on training, so one-to-one or in small groups. There's a link there for the source code of the slides if anyone wants it. I will be making these slides, the PDF, available, and links are there as well. That's it from me. Does anyone have any questions?

Awesome. Just a reminder that we'll be taking questions on the YouTube livestream and on the IRC Wikimedia office channel, and I'll go ahead and check those two venues right now. We have a few thank-yous from folks, but right now we don't have any questions. I'll wait for a minute on the livestream, and then, what we can do as well, I know the link was changed before the talk and maybe folks will catch up with it later, and we'll see if people send questions; we're more than happy to get those to Lars to get them answered as well. It looks like we don't have any questions at this time, so I want to thank you for coming and speaking with us. That was a really interesting talk, and I was kind of side-channeling: I'd like to rename this talk "kittens and cryptography", the images are so cute. So thank you for joining us, and thank you Brendan also for helping with AV. We'll be back next month with another talk. Thanks. Thank you. Bye.
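The GnuPG workflow the demo walks through (generate a key for each party, exchange public keys, have the second party certify the first party's key after checking the fingerprint, hand the certified key back encrypted so that only the key holder can import it, clearsign a message, and see the signature fail on a tampered copy) is reproduced below as an added shell example. It is not part of the talk or its slides. It assumes GnuPG 2.1 or later is on the PATH; the names, email addresses and message text are constructed, the keys live in throwaway keyrings under a temporary directory, and the demo keys have no passphrase so the script runs unattended.

```shell
#!/bin/sh
# Added example, not from the talk: replays the demo's GnuPG workflow in
# throwaway keyrings. Assumes GnuPG 2.1+ on PATH. Names, addresses and the
# message text are constructed; demo keys carry no passphrase (demo only).
set -eu

WORK=$(mktemp -d)
LARS_HOME="$WORK/lars"
FRIEND_HOME="$WORK/friend"
mkdir -m 700 "$LARS_HOME" "$FRIEND_HOME"

cleanup() {
  for h in "$LARS_HOME" "$FRIEND_HOME"; do
    GNUPGHOME="$h" gpgconf --kill gpg-agent 2>/dev/null || true
  done
  rm -rf "$WORK"
}
trap cleanup EXIT

# Run gpg against one party's keyring, non-interactively.
gpg_as() { # usage: gpg_as <homedir> <gpg args...>
  _home=$1; shift
  GNUPGHOME="$_home" gpg --batch --yes --pinentry-mode loopback --passphrase '' "$@"
}

# Fingerprint of the key matching a user id in a keyring (the best identifier for a key).
fpr_of() { gpg_as "$1" --with-colons --list-keys "$2" | awk -F: '$1=="fpr" {print $10; exit}'; }

# How many certifications by the friend's key does Lars's own copy of his key carry?
# (sig records in colon output have the signer's long key id in field 5.)
friend_certifications() {
  _kid=$(printf '%s' "$FRIEND_FPR" | tail -c 16)   # long key id = last 16 hex digits
  gpg_as "$LARS_HOME" --with-colons --list-sigs "$LARS_FPR" \
    | awk -F: -v kid="$_kid" '$1=="sig" && $5==kid {n++} END {print n+0}'
}

# Verify a clearsigned file against the friend's keyring: exit 0 only for a good signature.
verify_as_friend() { gpg_as "$FRIEND_HOME" --verify "$1" >/dev/null 2>&1; }

run_demo() {
  # 1. Each party generates a key in quick mode (fewer questions, as in the talk).
  gpg_as "$LARS_HOME"   --quick-gen-key "Lars Demo <lars@example.org>"     default default never
  gpg_as "$FRIEND_HOME" --quick-gen-key "Friend Demo <friend@example.org>" default default never
  LARS_FPR=$(fpr_of "$LARS_HOME" lars@example.org)
  FRIEND_FPR=$(fpr_of "$FRIEND_HOME" friend@example.org)

  # 2. Public keys are exchanged as armored blocks; secret keys never leave their keyring.
  gpg_as "$LARS_HOME"   --armor --export "$LARS_FPR"   > "$WORK/lars.pub"
  gpg_as "$FRIEND_HOME" --armor --export "$FRIEND_FPR" > "$WORK/friend.pub"
  gpg_as "$FRIEND_HOME" --import "$WORK/lars.pub"
  gpg_as "$LARS_HOME"   --import "$WORK/friend.pub"

  # 3. Having checked the fingerprint and identity in person, the friend certifies
  #    Lars's key, exports it (now carrying the certification) and encrypts that to
  #    Lars and to themselves. Mailing it to Lars's address would prove the address works.
  gpg_as "$FRIEND_HOME" --quick-sign-key "$LARS_FPR"
  gpg_as "$FRIEND_HOME" --armor --export "$LARS_FPR" > "$WORK/lars-certified.pub"
  gpg_as "$FRIEND_HOME" --trust-model always --armor \
    --recipient "$LARS_FPR" --recipient "$FRIEND_FPR" \
    --output "$WORK/lars-certified.asc" --encrypt "$WORK/lars-certified.pub"

  # 4. Only a holder of one of the two secret keys can decrypt it; Lars decrypts and
  #    imports, which adds the friend's certification to his own keyring.
  gpg_as "$LARS_HOME" --decrypt "$WORK/lars-certified.asc" | gpg_as "$LARS_HOME" --import

  # 5. Lars clearsigns a message. A tampered copy keeps the old signature but changes
  #    the text, which is exactly what the verifier must catch.
  printf 'Meet at noon. Bring the kitten.\n' > "$WORK/message.txt"
  gpg_as "$LARS_HOME" --local-user "$LARS_FPR" \
    --output "$WORK/message.asc" --clearsign "$WORK/message.txt"
  sed 's/noon/midnight/' "$WORK/message.asc" > "$WORK/tampered.asc"
}

if command -v gpg >/dev/null 2>&1; then
  run_demo
  echo "certifications by friend on Lars's key: $(friend_certifications)"
  verify_as_friend "$WORK/message.asc"  && echo "original: good signature"
  verify_as_friend "$WORK/tampered.asc" || echo "tampered: BAD signature, do not trust"
else
  echo "gpg not found; nothing to demonstrate" >&2
fi
```

Two points match what the talk shows on screen: the friend's certification only becomes useful to others once the certified key is exported and passed on (here via the encrypted `.asc` file, which also proves the recipient holds the matching secret key), and `gpg --verify` exits non-zero for the tampered copy even though it still has the PGP armour around it. Verifying with `--trust-model always` is only used here for the encryption step; for real use, certify keys you have actually checked rather than bypassing the trust check.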