The BetterCrypto Project started out in the fall of 2013 as a collaborative community effort by systems engineers, security engineers, developers and cryptographers to build up a sound set of recommendations for strong cryptography and privacy-enhancing technologies, catered towards the operations community, in the face of overarching wiretapping and data-mining by nation-state actors. The project has since evolved with a lot of positive feedback from the open source and operations community in general, with input from various browser vendors, Linux distribution security teams and researchers.
This talk highlights three years of community collaboration on a 100+ page document that has been continuously evolving via mailing-list discussion and GitHub pull requests. We will provide a few metrics and see what kind of discussions were previsional back when we started out.
We will review novel attacks against TLS and other crypto protocols, as well as leaked information on classified cryptanalysis, that have appeared over the last three years and see how our guide compares against them.
While the project has been going on for three years, there's regularly renewed interest as soon as new attacks or publications on quantum computers show up. The upkeep and continuous improvement of the project are paramount and every person we can get to help us with their expertise is an improvement for the document.
We will discuss further project development and ideas towards continuous integration and testing of the project's recommended configurations, as well as new threats to online privacy to be mitigated in the future.