Learning Security

Quantitative Evaluation

In the final evaluation/review session for our cumulative workshop series, we asked participants to carry out the following tasks to demonstrate their mastery of password selection, encrypted password managers, secure file storage, encrypted email, and encrypted chat:

  1. Generate two strong passwords, one that is memorable and one that is shorter but stronger.

  2. Create a new KeePassX password database containing entries for each of those passwords.

  3. Create a small TrueCrypt container, using the first password for its hidden volume and the second for its outer volume.

  4. Send us both the KeePassX database and the TrueCrypt container as encrypted email attachments.

  5. Tell us the KeePassX master passphrase through a verified, encrypted instant messaging conversation using CryptoCat or Pidgin/Adium.

We also asked students to carry out the following tasks to demonstrate their capacity to use VPNs and Tor Browser for connection security and anonymous browsing:

  1. Turn on your VPN.

  2. Visit the following web address. (We gave each student a unique URL on a web server where we could monitor traffic logs.)

  3. Turn off your VPN and launch Tor Browser.

  4. Visit the same web address.By analyzing the server’s traffic logs, we were able to verify, quickly and easily, who was and was not using these tools properly.