Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

PGP/GnuPG Keysigning Party XIII - "Death of Clever" (password strength)

Date and Time

Wednesday, September 19, 2012 from 6:30 pm to 9:00 pm

Location

MIT Building E-51, Room 315

Presenters

Bill Ricker - bill.n1vux gmail com

Summary

A talk about PGP and GnuPG, followed by a keysigning party. Register your key in advance to participate!

Abstract

Bill gives another crypto talk, followed by our keysigning party.

“Passwords - the Death of Clever”

Easy to remember passwords are dead. The bulk breaches have given the rainbow tables too much information on how we really add numbers and punctuation. P4ssw0rd/ is insufficient entropy. Title and thesis from Steve Gibson, Security Now #366, with other sources.

A key signing party is a get-together of people who use the PGP encryption system with the purpose of allowing those people to sign each others keys. Key signing parties serve to extend the web of trust to a great degree. Key signing parties also serve as great opportunities to discuss the political and social issues surrounding strong cryptography, individual liberties, individual sovereignty, and even implementing encryption technologies or perhaps future work on free encryption software.

The basic workflow of signing someone's key is as follows:

  • Verify that the person actually is who they claim to be;
  • Have them verify their key ID and fingerprint;
  • Sign their key;
  • Send the signed key back to them

At the meeting, we go through the first two steps. Each person who preregistered their key will announce their presence and then read off their key ID and fingerprint, so everyone can verify that their copy of the list of keys is correct. Once we've run down the list, we line up, and each of us examines everyone else's photo IDs to verify that they are who they claim to be. After the meeting is over, each participant can then retrieve the keys that they've personally verified, sign those keys, and send the signed keys back to their respective owners.

In order to complete the keysigning in the allotted time, we follow a formal procedure as seen in V. Alex Brennen's “GnuPG Keysigning Party HOWTO”, attached below. It is strongly advised that if you have not been to a keysigning party before, you read this document. We're using the List-based method for this keysigning party, and the keyserver at subkeys.pgp.net.

It is essential that, before the meeting, you register on the signup form listed in the attachments. You should bring at least one picture ID with you. You must also bring your own printout of the report on that page, so you can check off the names/keys of the people you have personally verified.

The list will be printed on Wednesday afternoon, the day of the meeting; be sure to register your key for the keysigning before that. The official cutoff time is 3:00 pm.
--> -->
 
 
<type 'exceptions.IOError'>		Python 2.7.5: /usr/bin/python
Thu May 2 11:14:18 2024

A problem occurred in a Python script. Here is the sequence of function calls leading up to the error, in the order they occurred.

 /srv/www/cgi-bin/calendar in ()
    565   print '</html>'
    566 
    567 if __name__ == '__main__':
=>  568   main()
    569 
main = <function main>
 /srv/www/cgi-bin/calendar in main()
     37     if row_exists(dbh, 'events', path_info):
     38       print_html_header('BLU event: %s' % path_info)
=>   39       show_event(dbh, path_info)
     40     else:
     41       print_html_header('Nonexistent BLU event')
global show_event = <function show_event>, dbh = <connection object at 0x7f005da1b7f8; dsn: 'dbna...t='localhost' password=xxxxxxxxxxxxx', closed: 0>, global path_info = '2012-sep'
 /srv/www/cgi-bin/calendar in show_event(dbh=<connection object at 0x7f005da1b7f8; dsn: 'dbna...t='localhost' password=xxxxxxxxxxxxx', closed: 0>, evt_id='2012-sep')
    174     inc = event['include']
    175     if inc:
=>  176       text = open('%s/%s' % (doc_root, inc), 'r').read()
    177       print '<hr /><ul>'
    178       print text
text undefined, builtin open = <built-in function open>, global doc_root = '/srv/www/html', inc = '/keysignings/table-obscured.inc', ).read undefined

<type 'exceptions.IOError'>: [Errno 2] No such file or directory: '/srv/www/html//keysignings/table-obscured.inc'
      args = (2, 'No such file or directory')
      errno = 2
      filename = '/srv/www/html//keysignings/table-obscured.inc'
      message = ''
      strerror = 'No such file or directory'