Applied Crypto Hardening

I spend a lot of time urging people to utilize available cryptographic tools to secure their data. While I also admit that using cryptographic tools is less convenient than not and involves a learning curve, I believe that everybody has a duty to take their online self-defense into their own hands. To this end a group of people have gotten together and written a white paper that helps individuals utilize cryptographic features in popular software packages:

This whitepaper arose out of the need for system administrators to have an updated, solid, well researched and thought-through guide for configuring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age. Triggered by the NSA leaks in the summer of 2013, many system administrators and IT security specialists saw the need to strengthen their encryption settings. This guide is specifically written for these system administrators.

Initiated by Aaron Kaplan (CERT.at) and Adi Kriegisch (VRVis), a group of specialists, cryptographers and sysadmins from CERTs, academia and the private sector joined forces to write such a concise, short guide.

This project aims at creating a simple, copy & paste-able HOWTO for secure crypto settings of the most common services (webservers, mail, ssh, etc.). It is completely open sourced, every step in the creation of this guide is public, discussed on a public mailing list and any changes to the text are documented in a publicly readable version control system.

The document itself can be downloaded here [PDF]. I haven't read through the entire guide, but it is obviously still being written, as there are quite a few omissions. But what is there is good information, albeit information devoid of theory, which is OK: you have to start somewhere, and enabling these features without fully understanding them is still better than not enabling them at all.