Matthew McCullough's Encryption on the JVM presentation to Øredev 2010 in Malmö, Sweden.

1. @matthewmccull
©MatthewMcCullough,AmbientIdeas,LLC

2. ENCRYPTION
BOOT CAMP
Security is the mission
@matthewmccull
©MatthewMcCullough,AmbientIdeas,LLC

3. ©MatthewMcCullough,AmbientIdeas,LLC

5. ENCRYPTING?
statistics say 76% are not

8. DATA BREACHED
at 85% of companies in just
the last 12 Months

14. ANCIENT HISTORY
Everything old is new again

15. ANCIENT HISTORY
Everything old is new again

16. 44 B.C.
That’s 2,054 years ago...

19. Sensitive
Data

20. Plain
Sight
Sensitive
Data

21. Plain
Sight
Recipientor
Storage
Sensitive
Data

22. Plain
Sight
Recipientor
Storage
Sensitive
Data
C
ontents
O
bscured

24. Julius Caesar

27. Caesar Cipher
A B C D E F G
A B C D E F G
a.k.a.
ROT(2)
Shift Cipher

28. Caesar Cipher
A B C D E F G
A B C D E F G
a.k.a.
ROT(2)
Shift Cipher

29. Caesar Cipher
A B C D E F G
A B C D E F G
a.k.a.
ROT(2)
Shift Cipher

30. Caesar Cipher
a.k.a.
ROT(2)
Shift Cipher

31. 200 lines for a
complete implementation
of Caesar Cipher

32. Leave the ciphers
to the career
cryptographers

33. BROKEN
Perfectly safe data is a myth

34. BROKEN
Perfectly safe data is a myth

35. Compromised

36. Compromised
★ Every algorithm is vulnerable

37. Compromised
★ Every algorithm is vulnerable
★ Crack by real-time brute force

38. Compromised
★ Every algorithm is vulnerable
★ Crack by real-time brute force
★ Crack by pre-computed tables

39. Compromised
★ Every algorithm is vulnerable
★ Crack by real-time brute force
★ Crack by pre-computed tables
★ Function of
time + money + hardware

40. and yet open algorithms are
still the best

41. delicious.com/matthew.mccullough/encryption

42. JCE PRIMER
The world of Java crypto

43. JCE PRIMER
The world of Java crypto

44. JavaCryptographyExtension
★ Known as JCE
★ Included in all JREs Since Java 1.2
★ Pluggable provider architecture
★ JCE extends Java Cryptography
Architecture (JCA)

45. JCE Providers
Default Sun JRE Providers
★ SUN
★ SunJCE
★ SunJSSE
★ SunRsaSign

46. RegisteringaProvider
Static
★ <java-home>/lib/security/java.security
★ security.provider.n=masterClassName

48. RegisteringaProvider
Dynamic★ java.security.Security class
★ addProvider()
★ insertProviderAt()
★ Not persistent across VM instances

49. Encryption Law
& the JCE
country borders stop bits

50. JCE Strength
★ Jurisdiction Policy Files
★ Two variants
★ Algorithm strength differences

51. Strong

52. Strong

53. Unlimited

54. Unlimited

55. JCE Strength

56. JCE Strength
★ Strongstrength included in all JREs

57. JCE Strength
★ Strongstrength included in all JREs
★ Unlimitedstrength is a separate download
available based on US export rules

61. Strong Policy
// File: default_local.policy
// Some countries have import limits on crypto strength.
// This policy file is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
permission javax.crypto.CryptoPermission "RC5", 128,
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", 2048;
permission javax.crypto.CryptoPermission *, 128;
};

62. “Strong” Key Limits
Algorithm Max Key Size
DES 64
DESede
3des
168
RC2 128
RC4 128
RC5 128
RSA 2048
Others 128

64. “Unlimited” Key Limits
Algorithm Max Key Size
DES ∞
DESede
3des
∞
RC2 ∞
RC4 ∞
RC5 ∞
RSA ∞
Others ∞

65. Digests &
Hashes
One way functions

66. What is a Hash?
★ Small set of bytes representing a large
message
★ Small change in message = large change in
digest
★ Digests also known as hashes
★ Same algorithms, different purposes

67. What is a Digest?
★ Integrity check (MIC) for chunk of data
or
★ Password storage mechanism

68. MessageDigest

69. MessageDigest
★ java.security.MessageDigest

70. MessageDigest
★ java.security.MessageDigest
★ Many algorithms available

71. MessageDigest
★ java.security.MessageDigest
★ Many algorithms available
★ MD2

72. MessageDigest
★ java.security.MessageDigest
★ Many algorithms available
★ MD2
★ MD5 (128 bit)

73. MessageDigest
★ java.security.MessageDigest
★ Many algorithms available
★ MD2
★ MD5 (128 bit)
★ SHA-1(160 bit)

74. MessageDigest
★ java.security.MessageDigest
★ Many algorithms available
★ MD2
★ MD5 (128 bit)
★ SHA-1(160 bit)
★ SHA-256

75. MessageDigest
★ java.security.MessageDigest
★ Many algorithms available
★ MD2
★ MD5 (128 bit)
★ SHA-1(160 bit)
★ SHA-256
★ SHA-384

76. MessageDigest
★ java.security.MessageDigest
★ Many algorithms available
★ MD2
★ MD5 (128 bit)
★ SHA-1(160 bit)
★ SHA-256
★ SHA-384
★ SHA-512

77. MessageDigest

78. MessageDigest

79. MessageDigest
U. S. Department of Homeland
Security said MD5is
"considered cryptographically broken
and unsuitable for further use"

80. download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html

81. System.out.println("Message1 SHA1 digest: "
+ shaAndBase64Encode(message1));
System.out.println("Message2 SHA1 digest: "
+ shaAndBase64Encode(message2));
}
/**
* Helper function to both SHA-1 hash and
* base64 encode the resulting bytes to a String
*/
public static String shaAndBase64Encode(String message)
throws NoSuchAlgorithmException {
MessageDigest sha = MessageDigest.getInstance("SHA-1");
//Salt could be applied here
//Integer salt = <some random number generator>
//sha.update(salt.getBytes());
byte[] digest = sha.digest(message.getBytes());
return new sun.misc.BASE64Encoder().encode(digest);
}
}

82. *
* Demonstrate that very similar messages
* have radically different hashes.
*/
public class MessageDigestSHA
{
public static void main( String[] args )
throws NoSuchAlgorithmException
{
//Set up the message to be encoded
String message1 = "Four score and seven years ago";
String message2 = "Four score and seven tears ago";
System.out.println("Message1 SHA1 digest: "
+ shaAndBase64Encode(message1));
System.out.println("Message2 SHA1 digest: "
+ shaAndBase64Encode(message2));
}
/**
* Helper function to both SHA-1 hash and
* base64 encode the resulting bytes to a String
*/
public static String shaAndBase64Encode(String message)
throws NoSuchAlgorithmException {

83. *
* Demonstrate that very similar messages
* have radically different hashes.
*/
public class MessageDigestSHA
{
public static void main( String[] args )
throws NoSuchAlgorithmException
{
//Set up the message to be encoded
String message1 = "Four score and seven years ago";
String message2 = "Four score and seven tears ago";
System.out.println("Message1 SHA1 digest: "
+ shaAndBase64Encode(message1));
System.out.println("Message2 SHA1 digest: "
+ shaAndBase64Encode(message2));
}
/**
* Helper function to both SHA-1 hash and
* base64 encode the resulting bytes to a String
*/
public static String shaAndBase64Encode(String message)
throws NoSuchAlgorithmException {

84. Input
Message1 SHA1 digest: DmCJIg4Bq/xpGIxVXxo3IB0vo38=
Message2 SHA1 digest: oaLHt8tr31ttngCDjyYuWowF5Mc=
String message1 = "Four score and seven years ago";
String message2 = "Four score and seven tears ago";
Result

85. SYMMETRIC
My key is your key

86. SYMMETRIC
My key is your key

87. Why Symmetric?

88. Why Symmetric?
★ Fast

89. Why Symmetric?
★ Fast
★ Well suited for bulk data

90. Using Symmetric

91. Using Symmetric
★ Secure network for passing keys
or

92. Using Symmetric
★ Secure network for passing keys
or
★ Never decrypted at remote end

93. Symmetric
A B

94. Symmetric
Message/FileA B

95. Symmetric
A’s
256 bit
symmetric
key
Message/FileA B

96. Encrypted with
256 bit symmetric key
Symmetric
A’s
256 bit
symmetric
key
Message/FileA B

97. Encrypted with
256 bit symmetric key
Symmetric
A’s
256 bit
symmetric
key
Message/FileA B

98. Symmetric
A’s
256 bit
symmetric
key
Message/FileA B

99. Symmetric
A’s
256 bit
symmetric
key
Message/FileA B

100. How do we securely get
the key from Alice to Bob?

102. import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import sun.misc.BASE64Encoder;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random number.
*/
public class SymmetricEncrypt
{
public static void main( String[] args )
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException, BadPaddingException
{

103. import sun.misc.BASE64Encoder;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random number.
*/
public class SymmetricEncrypt
{
public static void main( String[] args )
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException, BadPaddingException
{
final String message1 = "Four score and seven years ago";
//Build a new encryption key
final KeyGenerator keyGen = KeyGenerator.getInstance("DESede");
keyGen.init(168);
final SecretKey desKey = keyGen.generateKey();
//Set up the cipher
final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
//////////////////////////////////////
//Put the cipher in encryption mode
desCipher.init(Cipher.ENCRYPT_MODE, desKey);
//Encrypt and output the base64 data
byte[] clearText = message1.getBytes();
byte[] encryptedBytes = desCipher.doFinal(clearText);

104. final String message1 = "Four score and seven years ago";
//Build a new encryption key
final KeyGenerator keyGen = KeyGenerator.getInstance("DESede");
keyGen.init(168);
final SecretKey desKey = keyGen.generateKey();
//Set up the cipher
final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
//////////////////////////////////////
//Put the cipher in encryption mode
desCipher.init(Cipher.ENCRYPT_MODE, desKey);
//Encrypt and output the base64 data
byte[] clearText = message1.getBytes();
byte[] encryptedBytes = desCipher.doFinal(clearText);
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
String base64Encrypted = b64e.encode(encryptedBytes);
System.out.println("Encrypted text: " + base64Encrypted);
//////////////////////////////////////
//Put the cipher in decryption mode
desCipher.init(Cipher.DECRYPT_MODE, desKey);
//Decrypt and output the original string
byte[] decryptedBytes = desCipher.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes);
System.out.println("Decrypted text: " + decryptedText);
}

105. //Set up the cipher
final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
//////////////////////////////////////
//Put the cipher in encryption mode
desCipher.init(Cipher.ENCRYPT_MODE, desKey);
//Encrypt and output the base64 data
byte[] clearText = message1.getBytes();
byte[] encryptedBytes = desCipher.doFinal(clearText);
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
String base64Encrypted = b64e.encode(encryptedBytes);
System.out.println("Encrypted text: " + base64Encrypted);
//////////////////////////////////////
//Put the cipher in decryption mode
desCipher.init(Cipher.DECRYPT_MODE, desKey);
//Decrypt and output the original string
byte[] decryptedBytes = desCipher.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes);
System.out.println("Decrypted text: " + decryptedText);
}
}

106. Input
Encrypted text: P0FT6N3XXrohtsz7OLh3FGYY0wErkPIur1DP6Csbj4g=
Decrypted text: Four score and seven years ago
String message1 = "Four score and seven years ago";
Result

107. SYMMETRIC
Identical keys for encryption and decryption

108. Block

109. Block
Predefined content length

110. Block
Predefined content length
★ Well-known end to the content

111. Block
Predefined content length
★ Well-known end to the content
★ Files on disk

112. Block
Predefined content length
★ Well-known end to the content
★ Files on disk
★ Inefficient when padding

113. DES
Data Encryption Standard
★ Block cipher
★ Banking industry
★ DES is known to be broken

114. 3DES
Triple Data Encryption Standard
★ Block cipher
★ a.k.a DESede
★ Basically three passes of DES
★ Reasonably strong

115. Blowfish
★ Block cipher
★ Unpatented (intentionally)
★ Secure replacement for DES
★ Faster than DES
★ 32 to 448 bit keys
★ Overshadowed by AES

116. AES
Advanced Encryption Standard
★ Block cipher
★ Government standard
★
Rijndael algorithm
(Joan Daemen, Vincent Rijmen)
★
4 years of evaluation
★
Final in December 2000
★ Very Secure

117. ENCRYPTED = SAFE,
RIGHT?
information leakage from encrypted data

118. ENCRYPTED = SAFE,
RIGHT?
information leakage from encrypted data

119. Encryptedisn’tenough?
http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

120. Use anything instead of
ECB!

121. CBC, PCBC, CFB, OFB, GCM

123. SECURE KEY EXCHANGE
securely swapping symmetric keys

124. SECURE KEY EXCHANGE
securely swapping symmetric keys

127. Diffie-Hellman

128. Diffie-Hellman
Key Agreement Protocol

129. Diffie-Hellman
Key Agreement Protocol
★ Alice & Bob independently generate the shared
(session) key

130. Diffie-Hellman
Key Agreement Protocol
★ Alice & Bob independently generate the shared
(session) key
★ Published 1976, but invented earlier

131. DH Diagrammed
A B

132. DH Diagrammed
A B
predetermined and openly shared

133. DH Diagrammed
A B
predetermined and openly shared
g = random
g = 11

134. DH Diagrammed
A B
predetermined and openly shared
g = random
g = 11
p = prime
p = 23

135. DH Diagrammed
A
picks a = 6 picks b = 4
B
predetermined and openly shared
g = random
g = 11
p = prime
p = 23

136. DH Diagrammed
A
picks a = 6
A= ga mod p
picks b = 4
B B= gb mod p
predetermined and openly shared
g = random
g = 11
p = prime
p = 23

137. DH Diagrammed
A
picks a = 6
A= ga mod p
9=116 mod 23
picks b = 4
B B= gb mod p
13=114 mod 23
predetermined and openly shared
g = random
g = 11
p = prime
p = 23

138. DH Diagrammed
A
picks a = 6
A= ga mod p
9=116 mod 23
picks b = 4
B B= gb mod p
13=114 mod 23
predetermined and openly shared
g = random
g = 11
A=9B=13
p = prime
p = 23

139. DH Diagrammed
A
picks a = 6
A= ga mod p
9=116 mod 23
picks b = 4
B B= gb mod p
13=114 mod 23
K= Ba mod p K= Ab mod p
predetermined and openly shared
g = random
g = 11
A=9B=13
p = prime
p = 23

140. DH Diagrammed
A
picks a = 6
A= ga mod p
9=116 mod 23
picks b = 4
B B= gb mod p
13=114 mod 23
K= Ba mod p
6= 136 mod 23
K= Ab mod p
6= 94 mod 23
predetermined and openly shared
g = random
g = 11
A=9B=13
p = prime
p = 23

141. DH Diagrammed
A
picks a = 6
A= ga mod p
9=116 mod 23
picks b = 4
B B= gb mod p
13=114 mod 23
K= Ba mod p
6= 136 mod 23
K= Ab mod p
6= 94 mod 23
predetermined and openly shared
g = random
g = 11
A=9B=13
p = prime
p = 23
Encryption can begin

142. What’s wrong
with this?

143. RANDOM NUMBERS
Seed the machine

144. RANDOM NUMBERS
Seed the machine

145. SecureRandom
★ java.security.SecureRandom
★ Cryptographically strong pseudo-random
number generator (PRNG)
★ “Unable to distinguish from a true random
source”
★ Used in combination with many ciphers

146. package com.ambientideas;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random number.
*/
public class SecureRandomNumber
{
public static void main( String[] args ) throws
NoSuchAlgorithmException
{
//Do the expensive one time setup of the

147. import java.security.SecureRandom;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random number.
*/
public class SecureRandomNumber
{
public static void main( String[] args ) throws
NoSuchAlgorithmException
{
//Do the expensive one time setup of the
// random number generator instance
SecureRandom prng = SecureRandom.getInstance("SHA1PRNG");
//Get the next random number
String randomNum = new Integer( prng.nextInt() ).toString();
System.out.println("Random number: " + randomNum);
}
}

148. * a more expensive, but cryptographically secure random number.
*/
public class SecureRandomNumber
{
public static void main( String[] args ) throws
NoSuchAlgorithmException
{
//Do the expensive one time setup of the
// random number generator instance
SecureRandom prng = SecureRandom.getInstance("SHA1PRNG");
//Get the next random number
String randomNum = new Integer( prng.nextInt() ).toString();
System.out.println("Random number: " + randomNum);
}
}

149. Result
Random number: 1633471380

150. ASYMMETRIC
Throwing away keys
faster than an intern locksmith

151. ASYMMETRIC
Throwing away keys
faster than an intern locksmith

154. RSA
★ Ron Rivest, Adi Shamir, Leonard Adleman
★ Published in 1978
★ M.I.T. Patented in 1983
★ Patent Expired in 2000

155. RSA
A B

156. RSA
Message/FileA B

157. RSA
B’s
2048 bit
public key
Message/FileA B

158. Encrypted with
2048 bit RSA key
RSA
Message/FileA B

159. Encrypted with
2048 bit RSA key
RSA
B’s
2048 bit
private key
Message/FileA B

160. RSA
Message/FileA B

161. RSA
Message/FileA B

162. import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import sun.misc.BASE64Encoder;
/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random

163. public static void main( String[] args ) throws
NoSuchAlgorithmException, NoSuchProviderException,
IOException, NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException, BadPaddingException
{
final String message1 = "Four score and seven years ago";
// Generate the Key Pair
final KeyPairGenerator keyGen =
KeyPairGenerator.getInstance("RSA");
final SecureRandom random =
SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);
KeyPair pair = keyGen.generateKeyPair();
final PrivateKey privKey = pair.getPrivate();
final PublicKey pubKey = pair.getPublic();
//Encrypt using the private key
Cipher rsa = Cipher.getInstance("RSA/OFB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, pubKey);
byte[] encryptedBytes = rsa.doFinal(message1.getBytes());
BASE64Encoder b64e = new sun.misc.BASE64Encoder();

164. KeyPair pair = keyGen.generateKeyPair();
final PrivateKey privKey = pair.getPrivate();
final PublicKey pubKey = pair.getPublic();
//Encrypt using the private key
Cipher rsa = Cipher.getInstance("RSA/OFB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, pubKey);
byte[] encryptedBytes = rsa.doFinal(message1.getBytes());
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
String base64Encrypted = b64e.encode(encryptedBytes);
System.out.println("Encrypted text: " + base64Encrypted);
//Decrypt using the private key
rsa.init(Cipher.DECRYPT_MODE, privKey);
byte[] decryptedBytes = rsa.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes);
System.out.println("Decrypted text: " + decryptedText);
}
}

165. final PublicKey pubKey = pair.getPublic();
//Encrypt using the private key
Cipher rsa = Cipher.getInstance("RSA/OFB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, pubKey);
byte[] encryptedBytes = rsa.doFinal(message1.getBytes());
BASE64Encoder b64e = new sun.misc.BASE64Encoder();
String base64Encrypted = b64e.encode(encryptedBytes);
System.out.println("Encrypted text: " + base64Encrypted);
//Decrypt using the private key
rsa.init(Cipher.DECRYPT_MODE, privKey);
byte[] decryptedBytes = rsa.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes);
System.out.println("Decrypted text: " + decryptedText);
}
}

166. Input
Encrypted text: A8Is+4r7sDn28fD6IQvZiR5JxPs/vh7UnXrF38acJt6R/
ARisj/zLtC7Xn6iJgNQPhc16wkVZhCF
em7oNoim+ooTUDDZQ+E3qP6y/
DZJGkLBoZuZVLeLAW1LUtHSzduRUOg1uMynJz14wxzwfV8wfRwf
atpySkOhGqWS63bPNRs=
Decrypted text: Four score and seven years ago
String message1 = "Four score and seven years ago";
Result

167. Encryption Speed
asymmetric can be 1000x slower
than symmetric

168. Key Size & Security

169. Key Size & Security
Symmetric
KeySize
160bitDES

170. Key Size & Security
Symmetric
KeySize
Asymmetric
KeySize
1024bitRSA
160bitDES

171. Key Size & Security
Symmetric
KeySize
Asymmetric
KeySize
Security
1024bitRSA
112bits
160bitDES

172. Key Size & Security
Symmetric
KeySize
Asymmetric
KeySize
Security Security
1024bitRSA
112bits
160bitDES
128bits

173. What do we do about that?

174. BLENDED
symmetric with a twist of asymmetric

175. BLENDED
symmetric with a twist of asymmetric

176. PGP
A B

177. PGP
Message/File
A B

178. PGP
Random generated
256 bit symmetric key
Message/File
A B

179. Encrypted with
256 bit symmetric key
PGP
Random generated
256 bit symmetric key
Message/File
A B

180. Encrypted with
256 bit symmetric key
PGP
Random generated
256 bit symmetric key
B’s
2048 bit
public key
Message/File
A B

181. Encrypted with
256 bit symmetric key
Encrypted with
2048 bit RSA key
PGP
Random generated
256 bit symmetric key
Message/File
A B

182. Encrypted with
256 bit symmetric key
Encrypted with
2048 bit RSA key
PGP
Random generated
256 bit symmetric key
Message/File
A B

183. Encrypted with
256 bit symmetric key
Encrypted with
2048 bit RSA key
PGP
Random generated
256 bit symmetric key
B’s
2048 bit
private key
Message/File
A B

184. Encrypted with
256 bit symmetric key
PGP
Random generated
256 bit symmetric key
Message/File
A B

185. PGP
Message/File
A B

186. PGP
Message/File
A B

187. Don’t forget
the humans

188. http://xkcd.com/538/

189. http://xkcd.com/538/

190. ENCRYPTION BOOT CAMP
Security is the Mission
Email
Twitter
Blog
Matthew McCullough
matthewm@ambientideas.com
@matthewmccull
http://ambientideas.com/blog