Sunday 18 December 2016

CORA Industrial


The origin of CORA

I am amazed at how many pathways are emerging for CORA. I suppose it isn't too surprising when one contemplates the need for 'unbreakable security', and yet, my original thought was to protect "static data", particularly that which is found on 'my computer'.
I knew that I wanted to store my technology bases in multiple, online locations. I further knew that encryption, as currently found in the industry, can be broken.

Surprise realizations

goCORA

goCORA, the online, fun, app that will be released in 2017 allows users to maintain control of their online, digital footprint. This exciting pathway for CORA was never considered in its development.
For years we have spoken to young people (in particular) about the need for caution when posting pictures, opinions, videos, and the like online - once it is online, it will exist somewhere, forever...
goCORA will allow users to post anything they want online, without the fear of "losing control" over their data - they can shut it down permanently regardless of how many people have seen, copied, or shared the information.
To this end, if you are a Xamarin developer, we may have some work for you.

CORA Industrial

I must say, trade shows are relatively boring, and yet, they are surprisingly productive. While 'putting in time' at the last trade show on emerging technologies, a local industrial company spoke with CORA Cyber Security and we became aware of another important pathway for CORA, as illustrated in the following:

What good is a pathway without some math


While I personally love the math, what does $10^{1848}$ look like?
Answer: Unbreakable.

Saturday 3 December 2016

HISTORY becomes THE FUTURE

Venona project (1943–80)



I have read that this was one of the most successful counter-intelligence efforts of the Cold War; purportedly successful because individual(s) on the Soviet side began to reuse keys, rather than generating a new key for each message.

Perfect Encryption

 

Claude Shannon is credited with defining the idea of "perfect encryption", in which the encryption key would be at least as long as the message.
These two paths from our collective HISTORY converge with CORA, and become THE FUTURE of data security.
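
The two historical points above, key reuse and a key as long as the message, shown together as an added example (it is not CORA's algorithm, which this page does not disclose, and not code from the original post). The two messages and the known phrase are constructed samples, and all function names are illustrative.

```javascript
// Random bytes: Node's WebCrypto when require() exists, the global crypto object otherwise.
const rng = typeof require === 'function' ? require('crypto').webcrypto : globalThis.crypto;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Constructed sample messages of equal length (33 bytes each).
const SAMPLE_1 = enc.encode('MEET AGENT AT THE NORTH GATE 0600');
const SAMPLE_2 = enc.encode('SHIPMENT DELAYED UNTIL NEXT MONTH');

function xorBytes(a, b) {
  if (a.length !== b.length) throw new RangeError('operands must have equal length');
  return a.map((byte, i) => byte ^ b[i]);
}

// A fresh pad with as many random bytes as the message has.
function newPad(length) {
  return rng.getRandomValues(new Uint8Array(length));
}

// One-time pad: the key must be at least as long as the message.
function otpEncrypt(messageBytes, pad) {
  if (pad.length < messageBytes.length) throw new RangeError('pad shorter than message');
  return xorBytes(messageBytes, pad.subarray(0, messageBytes.length));
}

// With one pad k used twice: c1 XOR c2 = (m1 XOR k) XOR (m2 XOR k) = m1 XOR m2.
// The key has cancelled out; only the two plaintexts remain, mixed together.
function combineCiphertexts(c1, c2) {
  const n = Math.min(c1.length, c2.length);
  return xorBytes(c1.subarray(0, n), c2.subarray(0, n));
}

// If a stretch of one message is known, XORing it into the combined
// ciphertexts yields the same stretch of the other message.
function recoverWithKnownText(c1, c2, knownText, offset) {
  const known = enc.encode(knownText);
  const mixed = combineCiphertexts(c1, c2).subarray(offset, offset + known.length);
  return dec.decode(xorBytes(mixed, known));
}

// Encrypt both samples, with the pad either reused or generated anew,
// and return what the known phrase 'MEET AGENT' reveals about message 2.
function scenario(reusePad) {
  const k1 = newPad(SAMPLE_1.length);
  const k2 = reusePad ? k1 : newPad(SAMPLE_2.length);
  const c1 = otpEncrypt(SAMPLE_1, k1);
  const c2 = otpEncrypt(SAMPLE_2, k2);
  return recoverWithKnownText(c1, c2, 'MEET AGENT', 0);
}

console.log('pad reused :', JSON.stringify(scenario(true)));  // readable text from message 2
console.log('fresh pads :', JSON.stringify(scenario(false))); // random bytes, nothing learned
```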

CORA stands for Context Ordered Replacement Algorithm.

While the 'magic of CORA' temporarily remains a trade secret, the following exposé makes for an acceptable 'letter of introduction' to CORA.
Context Ordered implies that the same CORA bloc (key in the Venona project cited above) will always be created anew when 'CORAfying' data.
Replacement Algorithm implies that each CORA bloc's relevant data (perfect encryption cited above) should span a proportionate size that exceeds the relative data.

Bottom Line

A CORAfied solution at its worst, is far more than a 'googol' times stronger than military grade encryption, at its best.

CORAfied - at its worst:

  • 3 CORA blocs in the solution.
  • 2 out of the 3 blocs are stolen.
  • The blocs are at the minimum size required for CORAfication.
  • The hacker has:
    • the catalog file.
    • the chaos maps.
  • The thief knows:
    • there are only 3 blocs in the solution.
    • the size of the 3rd bloc.
    • the relevant order of blocs including boundary conditions.
Given this scenario, in which the CORAfied data is horribly compromised, a brute force attack would take no more than $10^{2400}$ attempts to obtain the CORAfied data.

Contrast this to military grade encryption that uses a 256 bit key which would take no more than $2^{256} \approx 10^{78}$ attempts to obtain the encrypted data.

Hence CORA at its worst is $10^{2322}$ times stronger - a step beyond encryption!
I prefer to refer to this as "astronomically stronger" or "unbreakable"!

Addendum (4 Dec 2016)


It should be noted that patterns in random number generators, and optimization routines based upon frequency distributions in the byte structures will result in the potential for optimizations. Taking a smarter approach based on these patterns might pragmatically decrease this complexity of the attack pathway by 20%, which could result in as little as $10^{1926}$ attempts, or $10^{1848}$ times stronger than military based encryption.
The enormity of this number is still astronomical: unbreakable.

Sunday 28 August 2016

Block Chains: a contrasting position on decentralization

Fact and Fiction - love the contrast

My brother once quoted Winston Churchill:
If you're not a liberal when you're 25, you have no heart. If you're not a conservative by the time you're 35, you have no brain.
An interesting muse for the mind, however, upon research, one discovers that Churchill is not attributed with this saying.
  1. What was my brother trying to do? Convince me of his position.
  2. My response - why does the heart and brain have to be at odds with one another?

"Time is the hand, that writes the truth, on the wall of experience"

One often holds a belief in youth, that matures with age. Ideally the heart and mind work in unison. Think of the heart and emotions as the fuel in your vehicle. The head is the steering wheel. Both are needed for the journey.

Who doesn't wish there were no rules, speed limits, or fences when bouncing around with enthusiasm and reckless abandon, in one's youth? And yet, as the currents of time demonstrate the lessons that are too hard to embrace in childhood, one's appreciation for 'responsible freedoms' and 'conscientious authorities' evolves into a maturity of mind and heart.
I often joke that "the world would be perfect if everyone were like me". This sentiment is behind those that seek chaos, or the absence of authority; where there are no bullies, thieves, or "big kids on the block" that would certainly "take without asking" or "do without caring".

Block Chains and decentralization

Block Chains are beautiful - mathematically and technologically. They are robust and redundant. One might be capable of burning a $20 bill, but don't expect to 'burn' a bitcoin!

Wait, that just happened, didn't it?

  1. A hacker stole $64 M of ether (bitcoin alternative) from an investment firm.
  2. There was a time delay during which the hacker could not claim the funds - they sat there without the true owners being empowered to retrieve them.
  3. Ethereum reset their system (burned the ether currency for the past day) to a backup that existed previously.
  4. While this eradicated the transactions that occurred during the past day, and thus, the theft of the "investors' money", it also resulted in a 'fork' in which some users choose to stay with the original, pre-fork currency, and others choose the new, post-fork currency.
What does this mean? Consider the following analogy to simplify the concept:

Imagine that someone compromised a corporate 'MasterCard' and used it to steal a large amount of money. MasterCard cannot deal with a 'single transaction' (Block Chains), so it decides to reset the system to 1 day ago, resulting in the deletion of 'all transactions' that have occurred, and the issuing of a second set of 'cards' and 'processing machines' for all card holders and merchants. 
  1. All transactions since this reset are gone.
  2. An entirely new set of cards (for all clients) and machines (for all merchants) are issued.
  3. Those who don't want the new cards may keep using the old cards. Those merchants that don't want the new machines may continue to use the old machines. There are now effectively '2 forks', 2 sets of MasterCards; remember there isn't a central authority that can insist that everyone uses the new cards and machines.
In all fairness, this isn't limited to Ethereum. In August of this year $94M of Bitcoins was stolen in a hack of the Bitfinex exchange. While Bitcoin did not 'reset the system' as cited above, there is an interesting story about a proposed fork that dates back to early this year: Bitcoin feud over expansion threatens to destabilize currency.

Bottom line:
  1. Forks can be produced resulting in multiple "online currencies". Without a central authority, there is no limit to how many different forks, and online currencies might result as time marches forward.
  2. Mike Hearn (one time advocate and developer for Bitcoin) states in the article cited above, and on his blog, 'What was meant to be a new, decentralised form of money that lacked “systemically important institutions” and “too big to fail” has become something even worse:  "a system completely controlled by just a handful of people".'

A Centralized system

Block Chains may be great for online currency, however, for data security we do need a centralized methodology that allows the owners of the data to control it, and if necessary, shut it down. 

In the ideal world, in which everyone, equally, respects one another, and lives by the same rules and guidelines, there would be no need for security and built in controls. 
This is a great direction and beautiful dream. I am confident that quality education will eventually empower this evolved society.
While the journey remains ahead of us, and is marvelous in many ways, we have yet to arrive at this destination.


Wednesday 13 July 2016

Homeland security's Report - substantial in context and scope

GOING DARK, GOING FORWARD a primer on the encryption debate.

These 25 pages are enough to make me speechless - with only 3 exceptions:
  1. There is so much happening in cyber security. There are so many opinions, facts, options and directions. WOW! If I think so, I can't imagine who among my friends and associates will actually read this report.
  2. The article posted on engadget.com entitled Homeland Security's big encryption report wasn't fact-checked is another interesting read. Again, so many facts, counter facts, opinions and directions.
    My only thought here is that, I appreciate all that our governments and professionals are doing to safeguard our security, rights, and freedoms.
    The fact that there is accountability and free speech, speaks volumes about those of us who are fortunate to live in a free, safeguarded and educated society.
  3. The first point on page 6 of this report states:
Encryption plays a vital role in modern society, and increasingly widespread use of encryption in digital communications and data management has become a “fact of life.”
In regards to 'data management', sadly encryption has fallen short. The massive loss of more than 400 billion dollars per year is clear evidence of this fact, rather than opinion.

Sooner or later (and I am betting on sooner) CORA will be recognized as the standard for data security. Unlike encryption, CORA is capable of producing "unbreakable data security".

Soon the CORAcsi Challenge 2016 will be launched to the global community. While this challenge is admittedly 'unfair', it will announce and validate this bold statement about "unbreakable data security". Stay tuned and spread the word.


Sunday 3 July 2016

IoT needs unbreakable


ZDNet just published an article “The first big Internet of Things security breach is just around the corner”.

The IoT is projected to be worth in excess of 3 trillion dollars by 2020. Therefore, it should be obvious that it isn’t going away. Smart devices and chips will be everywhere. Yes, this is a security risk.


The challenge to the cyber security industry is to become “unbreakable”. 


Imagine the hundreds of thousands of hackers and unscrupulous employees who are spending ungodly numbers of hours and days trying to steal what doesn’t belong to them. Next imagine how many would continue to do so if they weren’t getting a piece of the $400,000,000,000 being stolen from you and me each and every year.


Unbreakable - the concept - is simple. 


Make it too costly and time intensive to “risk failing at the hack”! 
Risk money, time and potential criminal consequences, without getting “the prize” – who is going to do it? Ok, maybe the odd duck, but that is far better than the hundreds of thousands globally attempting to, and succeeding at stealing “our money”. Yes, it is our money, even if we don’t realize it. The big boys and girls aren’t going to lose 400 + billion a year without passing those losses onto the rest of us – not if they want to keep their jobs.

This is exactly why CORAcsi is unbreakable. Is it conceivable that someone might discover where all the CORA packages are stored throughout the Cloud, then breach each of the servers and networks involved, within a short window – say 5 minutes? 

Perhaps it is conceivable – and if they did, CORA would be no better than encryption. This may be conceivable, however, it is totally improbable, and will reduce the numbers attempting to succeed significantly, as failures clutter their landscape. 
Unbreakable = too costly and time intensive to risk failing at - the hack.
Unbreakable = leaving a trail (such as an employee who has access to “the catalog”).
Unbreakable = too many networks and servers to violate before a single package has been deleted.
Unbreakable = too many unknowns to warrant the cost while risking the consequences.


Wednesday 15 June 2016

PELE - Practice Excellence and Live Excellence

Preamble

I would like to think there is a fundamental principle that defines CORAcsi’s corporate culture and Mission Statement. Allow me to take you on a journey behind the scenes, to a love of learning, and teaching, that spans decades.
What is life without passion? What is work without passion? I love talking about technology, innovation, teaching, learning, the love of learning, principles, integrity, commitment, physics, math... and yet, there is a foundation to all of these passions that I have identified through years of teaching, and that is excellence.
"Excellence is to Perfection as the Journey to the Destination."

The dolphin & the dove - let the story begin
He looks over a sea of faces. Some have boredom stamped upon their irises (irides). Others are evidently excited to be back at school, though history has proven that this excitement diminishes over time, especially with respect to "work".

The Challenge – motivate these young men and women to ‘choose excellence’ daily.

He begins with a question:
“With a show of hands, how many want to live a life of… mediocrity?”
  Not a single hand!

After a short pause, another question follows:
“How many want to live a life of excellence?”
  Everyone raises their hand without exception – every year!

The pitch:
Aristotle so many millennia ago realized that ‘Excellence is not an act but a habit’. 
Let’s translate – if you want a life of excellence, then you must choose it by practicing excellence daily. If excellence is your habit, one that you have built daily, even when you didn’t ‘feel like it’, then you will have chosen success, chosen a life of excellence.

Over the course of a semester the students will often hear:
Practice Excellence – Live Excellence.
Practice Excellence - Live Excellence
Practice Excellence – Live Excellence.
Good Habits lead to success. Bad Habits lead to failure.
Good habits lead to success, bad habits lead to failure.
Good Habits lead to success. Bad Habits lead to failure.
I imagine a school, team, corporation, country and world in which these principles are realized. I believe we are closer today, than they were in Aristotle's day. I aspire to call forth this foundation of excellence through my words, actions and creative works. I enjoy connecting with like minded people.

Tuesday 14 June 2016

BlockChains and CORA

Allow me to briefly illuminate the similarities, and differences between BlockChains and CORA.
BlockChains are incredibly resilient, and beyond the control of any “one”. This makes BlockChains ideal for online currency, which was the apparent rationale that drove its creation.

CORA on the other hand was originally developed with a single purpose – to provide unbreakable data security – which encryption alone cannot deliver. 

While CORA has surprised us at CORAcsi.com with additional applications, such as securing one’s online, digital footprint, this is a byproduct of its primary mandate – security.

Hence I targeted a “distributed methodology”, but more than “just a distributed methodology”. I insisted upon the following characteristics:


Points B and D above are pivotal to understanding the difference between BlockChains and CORA as a means of securing data and protecting one's online digital footprint.


For online currency, I personally cannot imagine a better technology than BlockChains.
decentralized, peer-to-peer
The BlockChain is a decentralized implementation. Decentralized, peer-to-peer implementations have been around for years - "bitTorrents" that utilize many duplicates: seeds (files) and catalogs (routing tables).
The design of the BlockChain is beautiful; it is persistent, independent and versatile.

Regarding security, decentralized peer-to-peer systems violate requirement “B” above, by removing the requirements that:
  1. The data can be quickly and permanently “shut down”.
  2. The fragments are highly controlled and secured by professionals (not seeded to unknown computers, perhaps even home computers).

CORA must remain “centralized” so that it can be controlled and if necessary, shut down to prevent unauthorized individuals, teams, companies, or countries from viewing data that belongs to another. Moreover, CORA will not place packages (seeds) in multiple locations, nor on personal computers.
As stated in my earlier blog, executables in a BlockChain should make the global community extremely uncomfortable!

Executables violate requirement “D”, namely that each fragment must be inactive. Perhaps sterile is a better word! 
CORA is committed to using packages that are inactive and can be shut down permanently if required.

Sunday 5 June 2016

Blockchains - Concepts and Connections

BitCoin

I often reflect about, well just about anything and everything. As I mused about BlockChains, I imagined that the paper credited to Satoshi Nakamoto gave rise to the BlockChain frenzy. An incredible concept and implementation that is ideal for the online currency that is "BitCoin":
  1. redundant
  2. decentralized
  3. robust
  4. a natural propensity towards security (as the number of blocks increase).
  5. global
The following video can be found in IEEE SPECTRUM's article entitled "The Future of the Web Looks a Lot Like Bitcoin"



As with every pathfinder who proves a new concept, others are quick to follow. Near the end of this article the author talks about the push to include executables in BlockChains. There are many articles and blogs that can be found about BlockChains, in particular I would like to draw your attention to the following:

BlockChain executable


O'REILLY's "Understanding the blockchain"

Blockchains and Online Dispute Resolution: Smart Contracts as an Alternative to Enforcement

Mike Hearn's blog "Developing apps for block chains"


itnews reports "Ransomware uses blockchains for decoder delivery"

On Ethereum's landing page (as of June 5, 2016) one doesn't have to look far to read "Build unstoppable applications".
I know it sounds good, or great, however, we need to slow down for a moment and think about it! In a perfect world, we would all accept the same definitions for honor and integrity. We would all know the difference between right and wrong, good and evil.
In a perfect world, I doubt that anyone would understand or care about a virus, worm, Trojan or malware. In a perfect world, a zero-day attack or vulnerability would only be found in the popular writings of a science fiction author with an incredible imagination.

Caution

Our world is not perfect - not yet! A zero-day vulnerability is "by definition" one that hasn't been considered or planned for! Do you see the danger in building "unstoppable applications"? Allow me to rephrase this:
Do you recognize the danger in an environment that allows for the building of:
  • unstoppable viruses
  • unstoppable worms
  • unstoppable zero-day attacks
Yes, I know, we will build in safeguards, just like we do with Computers and Servers, and yet, someone always finds a way (sounds a lot like Jurassic Park).

Bottom line: Blockchains are ideal for an online currency that is decentralized. Once this moves to anything that can be "executed", there must be a "centralization" - a way to control these "seeds" of "potential disaster".

Upcoming Blog

Stay tuned for one of my upcoming blogs which contrasts this "decentralized distributed environment" with CORA, a Context Ordered Replacement Algorithm from CORAcsi that allows for the implementation of a centralized distributed environment.


Sunday 29 May 2016

Encryption - breaking the myth series - part 3

Say what?

In my original post Encryption - breaking the myth, I endeavored to use "my flavor of irony" sprinkled with a touch of sarcasm, to spark some thought and debate.

Then my lovely wife and I played with a visual presentation "Encryption - shatter the myth", and still I muse about "what are these big companies thinking?".

I imagine... they are imagining... that we can hope no one will ever breach a server again. Let's make it terribly difficult to be online... so what if our employees need to use, "difficult to use" corporate laptops to "occasionally" check their email. And yet, the breaches continue.
This led to the second blog post "Encryption - breaking the myth series - part 2".
I've stolen my copy, just have to break the encryption now

One of my favorite blogs (very subjective here) is my 3rd blog about my prime number generator. This blog references what I like to call an "Organic Sieve". Maybe it isn't perfectly clear, but let's get to the bottom line: with organic sieves, one can readily "look up" any prime number - am I the only one who realizes what this says about encryption?

Game Of... Numbers

As I continue to blog and dialog with "people", I occasionally find inspiration in the strangest ways and times. Someone I consider to be quite brilliant with technology contrasted "prime number" based encryption with "other types". Ya, how about "strong passwords"?

Just for fun, let's consider a strong password that uses 10 digits, each of which might have 72 different values (26 lower case, 26 upper case, 10 digits and some special characters). How many possible combinations are involved?
Yes, that is a big number, and that is why strong passwords are important (being force fed I suppose). That is why we often hear statistics like, this strong password (above) is more than 12 billion times stronger than a password that uses 6 lower case letters.
Let's add one more perspective here, namely, one could argue that this "strong password" is on par with a 63 bit prime number used to encrypt data. Today's standards (without getting too bogged down in details about symmetric or asymmetric algorithms) are well beyond 256 bits.

Simplicity is the ideal lens for capturing 'the complex'

I apologize for the over simplification, it's just that I do like "simple", and think fondly of the KISS rule/acronym. The simple truth is that "encryption isn't good enough":

Article - 2016 - hacker & bank (actually reported)

Article - 2016 - University employees vulnerable - tax data breach

Article - 2015 - Lloyd's CEO on the cost of cyber attacks

Article - 2015 - forbes.com - average costs

Article - 2014 - washington post - cost of cyber crimes

bankrate.com: 11 data breaches that stung US consumers

2014 - data breaches by industry



Thursday 19 May 2016

Prime Number Generator: Chapter 3 - the Generator

The Generator

Here is the original statement of my Prime Number Generator. There is a Formula followed by restrictions:

Formula

The $n \in N_o$ is unnecessary – including the first prime, the even prime, “2”, is irrelevant in the scope of its application to encryption. As a utilitarian methodology, it is not needed (see the revised expression below).

Restriction

Let's revisit this expression and simplify it

If we omit "2", then this equation is much simpler: 

Formula

          P = 2n+1

Restriction

$n \neq 4R(R+1)/2 + (2R+1)m$
or, expressed differently
$n \neq 2R^2 + 2R(m+1) + m$


For demonstration purposes only, an old JavaScript based version is available at http://CORAcsi.com/PrimeNumbers
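
The simplified formula and restriction above (P = 2n+1, with n never equal to 2R²+2R(m+1)+m), written out as an added example; it is not the JavaScript version linked above, and the function names are illustrative. It assumes integer ranges R ≥ 1 and m ≥ 0, which this page does not state, and checks the result against plain trial division.

```javascript
// Assumption (not stated on the page): R >= 1 and m >= 0 are integers.
// For fixed R, the excluded values n = 2R^2 + 2R(m+1) + m start at
// 2R^2 + 2R (m = 0) and grow by 2R + 1 each time m increases by one.
function excludedIndices(nMax) {
  const excluded = new Uint8Array(nMax + 1); // one byte per candidate n
  for (let R = 1; 2 * R * R + 2 * R <= nMax; R++) {
    for (let n = 2 * R * R + 2 * R; n <= nMax; n += 2 * R + 1) {
      excluded[n] = 1;
    }
  }
  return excluded;
}

// Every n >= 1 that the restriction leaves over gives an odd prime P = 2n + 1.
function oddPrimesUpTo(limit) {
  const nMax = Math.floor((limit - 1) / 2);
  if (nMax < 1) return [];
  const excluded = excludedIndices(nMax);
  const primes = [];
  for (let n = 1; n <= nMax; n++) {
    if (!excluded[n]) primes.push(2 * n + 1);
  }
  return primes;
}

// Independent reference: trial division by every d with d*d <= p.
function isPrimeByTrialDivision(p) {
  if (p < 2) return false;
  for (let d = 2; d * d <= p; d++) {
    if (p % d === 0) return false;
  }
  return true;
}

// Odd numbers up to limit on which the formula and trial division disagree.
function disagreements(limit) {
  const fromFormula = new Set(oddPrimesUpTo(limit));
  const bad = [];
  for (let p = 3; p <= limit; p += 2) {
    if (fromFormula.has(p) !== isPrimeByTrialDivision(p)) bad.push(p);
  }
  return bad;
}

console.log(oddPrimesUpTo(50).join(' '));
console.log('disagreements up to 100000:', disagreements(100000).length);
```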

So where's the fun in an older, slower, sieve based Prime Number Generator?

When teaching Math and Physics I start class with a quote and some tidbits. One such tidbit involves Mersenne Primes. I became aware of the Great Internet Mersenne Prime Search at www.Mersenne.org. For years they offered a $250,000 reward for the first person that found a 1 billion digit Mersenne Prime.
Oh yes, I verified this challenge!
I encouraged my students to pursue this, offering them my Prime Number Generator, and my assistance with the technologies involved. A number of groups embraced the challenge, however, they did not persevere. Then some number of years ago, the URLs by which I had verified this reward had disappeared. I couldn’t verify the $250,000 reward, and I certainly didn't want to mention a reward that "might not be available".

One of the drawbacks to a sieve approach is the amount of memory needed to continue the pattern. Essentially it is necessary to remember the past. This is considered a drawback, and certainly it would be for a normal sieve.
It's like making a snow man, the more you roll the snowball, in the snow, the larger it becomes.

Time to play

A few years ago I decided to play with my original generator. During that time I became aware of an interesting pattern that emerges if one gets creative with the binary sequences that would generate a very large prime. Essentially it would be possible to generate an “organic sieve” that could be used to perpetuate this continued pattern. Run the organic sieve for a few hours today, then again in a week for a few more hours. Every time it is run, it grows - and can then be used to reveal more prime numbers.
An organic sieve could be called "Frosty the snow man". It grows just like cited above. The difference being, that the molecules of frozen water in "Frosty", each can point to a prime number.
The existing “prime numbers” are essentially the generators (or eliminators in the sequence) of the, yet to be generated primes. If one were to creatively design a data structure to hold “the generated primes” in such a way that this “organic sieve” not only represents a “projector to known primes”, but a generator of “yet to be known” primes, then it becomes a growing entity that can be static in use, or dynamic in the generation of more primes. 

In other words, this organic sieve in its static state is like a write once, read many times, lookup table. Use it today to quickly look up any “known prime”. If in a few years, one wants more “immensely large primes”, then run the organic sieve dynamically for a few days, and it will grow, producing an even larger “static form” that can be used to look up more “immensely large primes”.

How big, is big?

Consider for a moment that a 1 billion digit Mersenne prime would require just about half a GB (more than 415 billion bytes) just to store. This means that half a GB of RAM would be used to simply hold this enormous Mersenne Prime. A similar amount of space would be needed to store it – a single prime number.

The one drawback if you will, is the size of this “organic sieve”. An organic sieve that represents all prime numbers up to and including this 1-billion-digit prime would require approx. 780 trillion bytes. 

Altruistic anyone?

I didn’t bother to finish this organic sieve. It wasn't sufficiently interesting beyond the concept stage, nor was it important enough in comparison to CORA. I mention it here because, you surely know that there are so many incredibly smart people in this world. I am confident that others have already done this. 

Bottom line – primes are obtainable in an efficient manner. Hence, Encryption isn’t a safe manner to protect data – static data. Encryption may be fine for communication – data in transit – however, as should be obvious with the number of reported breaches and loss of data and money – encryption is breakable!

Memory lane

I have shared this little trip down memory lane with you, in the hope that you will more fully realize “why encryption doesn’t cut it any more”. As our computers become more powerful, and can generate larger prime numbers, they are also more powerful in the finding of these prime numbers, particularly if one is using a prime number generator, or an organic sieve.

This was my motivation to develop CORA! 

Should there be any fellow math enthusiasts and/or technology lovers out there that would like to delve into this generator or organic sieve, enjoy, and let me know how it goes.






Tuesday 17 May 2016

Prime Number Generator: Chapter 2 - the Validation

It is a peculiar taste one acquires as the currents of time write the truth on the walls of experience.
How can one truly understand the realities that exist beneath the colors one projects onto the 3-dimensional landscape of desire, hope and belief?

Chapter 2 - the Validation

Was I moving towards truth as I walked to my meeting with Dr. Atkinson – filled with excitement mixed in with some “trepidation”? 
Was it “realistic” to believe that there was actually $100,000 available for the taking? In hindsight, it seems rather silly and trivial that I happened upon Eratosthenes' sieve, expressing patterns with summations and basic boundary conditions.
Interesting connections that flair our taste buds – sweet and sour, salty and sweet, bitter and sweet, excited and nervous, prime numbers and monetary rewards, encryption and CORA. 
I put one foot in front of the other and walked head on into the lion’s lair, to meet Dr. Atkinson. He was truly kind and disarming; very approachable and down to earth. 
A bashful 18-year-old with a strange mix of certitude and confidence, that was fueled by thoughts of $100,000, sat with Dr. Atkinson whose smile was warm and comforting. 

I was summoned to the University to speak with Dr. Barry Fawcett. I was left with some papers that were correspondences between Dr. Fawcett and Dr. Atkinson.
Dr. Fawcett to Dr. Atkinson - 1977 - about Latouf's Prime # generator.
page 1 of 3
 What happened during this meeting you ask? What did Dr. Fawcett say?

  1. My prime number generator did generate the entire set of prime numbers. 
  2. It was similar to Eratosthenes’ sieve but did have some merit as it simplified the calculations. (see Chapter 3 for a surprising discovery about "organic-sieves")
  3. There was no reward. (sad face - the $100,000 was noteworthy as an incentive, but fell short as a reward)
  4. There were two other prime number generators developed by mathematicians, one group in Russia, and another out West.
  5. He suggested that mine had some merit as it involved fewer variables
    (3 rather than 10).

Dr Fawcett suggested that I should write an article in a Mathematical Journal. Sadly, I had no idea what that would involve, or what significance an article to a journal would have.
I had never even seen such a journal, or article. Moreover, in an instant, I had lost $100,000 – or so it felt.


Redemption 

Dr. Fawcett went on to explain why prime numbers are important. 

Encryption uses prime numbers as the keys that lock and unlock data. If two very large prime numbers are (simplified version) multiplied together, they will produce an even larger number. This composite number would have only two divisors that leave no remainder.
Simplification of how prime numbers are used in encryption

I left his office, papers in hand, and a wallet that felt very light indeed. I tucked away the memory of encryption and prime numbers until it would resurface again, many years later.

Timing

This was many years before “the internet”, and many years before the notion of a “home computer” – we were still using “punch cards” to enter instructions into a computer.

I blinked

I was no longer programming in Fortran 77. I hadn’t seen a punch card for decades. I was typing my instructions directly into a computer as I watched these programs execute in real time - on my monitor - WOW. 

I loved the freedom and complexities that programs like C brought to the playing field. I reveled in the convenience of IDEs like Borland C, then C++.

Modems appeared on the scene and suddenly I began to cave in and use passwords on my computer. The Internet appeared – such a brave new world.

Then one day I encrypted a technology base I was working on and decided to upload it to "the Internet" for safe storage, and I remembered – encryption – and the keys – prime numbers. 

Yes, if anyone really wanted to unlock my technology, they could simply try all the large primes until they found “my keys”. If they too had a prime number generator, then the time required to find those keys would be greatly reduced. I realized that encryption was not protecting my data from everyone, but rather, only from those who would never acquire it in the first place.


Still to come

Chapter 3 - the Generator (will be posted this Thursday, 19 May 2016)



Saturday 14 May 2016

Prime Number Generator: Chapter 1 - the Challenge

My next few posts will constitute a “sub series” about my Prime Number Generator. This series is related to a far broader and more important series on “Encryption – breaking the myth”.
In the last two posts, I have endeavored to present empirical data. Pragmatically one may easily recognize that:
1. Encryption is being used to secure data.
2. Breaches have occurred.
3. Readable data was acquired by those who don’t have a right to the data.
4. Conclusion: Encryption is failing to properly secure data.

Chapter 1 – the Challenge

The year is 1977. Location: Windsor Ontario, Canada. Yes, once upon a time, Ontario had 5 years of high school. Juniors are in grades 9 and 10. Seniors are grouped into grades 11, 12 & 13.

Happily, there were three math courses offered in Grade 13, and this lover of math signed up for all three.

Mr. Taylor taught Algebra. He was introducing “Prime numbers”. Optimistically he endeavored to engage his students by announcing a $100,000 reward for anyone that developed a prime number generator - for the entire set.

I would like to think I was motivated by “the challenge”, however, truth be said, it was the money. I became excited. Didn’t much care for the homework, but I couldn’t wait to get home to work on it. I found my way to the dining room table, and delved into the possibilities. Numbers scattered across reams of paper, patterns everywhere – but which pattern might be “the one”?


Math is beautiful – I was enjoying the challenge, the possibilities, the patterns. When all is said and done, math and science are basically about patterns that can be interpreted and reproduced.
After a few weeks, and more paper than I had ever used for “home work”, I had distilled the patterns down to one that worked for all prime numbers except for the lonely, even-numbered prime number “2”.
If I had understood back then “why” prime numbers were important, I wouldn’t have wasted another moment on “the technicality” of including “2” in the output produced by my prime number generator. Perhaps I thought like a lawyer, or a strategist, but I couldn’t take a chance that omitting “2” might ruin my chance of winning the reward.
I approached Mr. Taylor at school during lunch. As a prelude to my bottom line, I advised him that I had the prime number generator, then asked how I go about claiming the $100,000. 
At first he smirked as though I was pulling his leg with a sarcastic prank, then as he realized that I “wanted the money”, he arranged for me to see Dr. Harold Atkinson, the head of the math department at the University of Windsor.


Fellow classmates C. Collins and D. Girard translated this Prime Number generator into “WATFIV”, using those good ole punch cards and a large mainframe computer. The printout included a large number of prime numbers as an early, pragmatically driven test of this prime number generator. These printouts, along with the mathematical representation of the generator, were brought to Dr. Atkinson.

Latouf's Prime Number Generator - Chapter 1 - the challenge.

Still to come:

Chapter 2 - the Validation (Tuesday, 17 May 2016)
Chapter 3 - the Generator (Thursday, 19 May 2016)


Encryption - breaking the myth series - part 2

Let’s start this quest for “truth” with a breaking story – from 2014:
This was reported through CBSnews.com, and if this were the only report, then one might doubt its reality. But this breach hit all the news outlets!
Let’s show what eBay said, which has been restated many times through the press.
[Image: eBay hack notice]
  1. eBay had your passwords “Encrypted”.
  2. eBay’s Encrypted Passwords were stolen.
  3. eBay told you to “Change your Passwords”.
Have we all “connected the dots”? If Encryption works, then why “change my password”?

OK, I get it, someone broke in, and stole all of this encrypted data. But doesn’t encrypted mean they “can’t read it”? That’s what it is supposed to mean, but in fact, it doesn’t work!
If they want to “unlock” the encrypted data, they can – just takes a bit of time.
OK, I get it, Encryption is like my old “teddy bear” – it feels good, makes me feel safe!
But we’re not safe! Cyber crime is costing us over $100 billion a year!
Do you really think our banks, corporations and businesses are “taking the hit” for the rest of us?
  • If you believe encryption is safe…
  • If you believe these big companies are “not passing on these losses to all of us“…
  • If you don’t want your personal data to be protected, even if someone breaks into a server.
  • If you don’t want to spend less for insurance, banking, taxes, and buying “things”
Then I wish you well, and hope you enjoy your “teddy bear”!
If you do care. If you do realize that this “old breach from 2014” has been followed by far too many breaches. Then you do want to:
  • read about CORA (at http://CORAcsi.com) – which will actually protect your data, even if someone breaks into a server.
  • tell your banker about CORA
  • tell your insurance agent about CORA
  • tell your government representative about CORA
  • tell your neighbor about CORA
  • tell your company about CORA
  • share this article on social media
  • share about CORA on social media

Encryption – breaking the myth

Why do ostriches bury their heads in the sand?
Does Donald Trump really believe it sensible to build a wall between the US and Mexico?
Will encryption protect our data?
[Image: Search for the Truth]
There are so many myths to muse about! They sound great. Myths are easy to remember. They play well with others – the myth that is.
Ostriches bury their “eggs” in the sand. Just for a moment – it appears to bury its head – when turning the eggs.
[Image: Don't bury your head in a myth]
Encryption protects communication. Just for a moment – it appears to protect static data – if no one ever steals it.

Let’s take a closer look.

Have you seen the “Imitation Game”? Even though the Enigma machine was adhering to its truest purpose, protecting communication, Turing broke the encryption - daily.
Think of encryption as a safe. It is a good safe. The locking mechanism is very good – prime numbers. So what’s the problem?
Just like in the “real world”, if someone steals the “entire safe”, they get the contents as well. Once that safe is in their back yard, it is only a matter of time!

What evidence is there that encryption can be broken?

When eBay’s breach occurred back in 2014, their user base, complete with encrypted passwords was stolen. That’s right, encrypted passwords. And what did they say? “Change your passwords”. Why would they warn users to change their passwords when they were encrypted? Isn’t the answer obvious? Those in the industry know the answer!
Encryption can be broken.
Adele’s Photo Hack (like other celebrities) involved combinations of iCloud and email services. Bottom line, encryption can be broken.
The Cloud needs a security service that supersedes encryption.
In simple terms, prime numbers are the keys that lock and unlock encryption. 128-bit encryption versus 256-bit encryption tells us how large these keys are. They are very large. The larger they are, the more difficult it is to find the key. So where’s the problem?
Computers are more powerful every day. Prime number generators exist. Modern computers equipped with prime number generators can do in seconds what it would have taken Turing’s computer years to compute during the Second World War.
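Added example, not part of the original post and not the author's generator or CORA code: the "try the primes until the key is found" search described here and in the Chapter 2 post, written with the sieve of Eratosthenes, next to a prime number theorem estimate of how many primes exist at a given size. The toy modulus, the 1e12 tries-per-second rate and the 1024-bit row are assumptions made for this example.

```python
import math

def sieve(limit):
    """Sieve of Eratosthenes: every prime <= limit."""
    if limit < 2:
        return []
    flags = bytearray([1]) * (limit + 1)
    flags[0] = flags[1] = 0
    for p in range(2, math.isqrt(limit) + 1):
        if flags[p]:
            # Strike out p*p, p*p + p, ... in one slice assignment.
            flags[p * p::p] = bytearray(len(range(p * p, limit + 1, p)))
    return [n for n, is_prime in enumerate(flags) if is_prime]

def factor_with_prime_list(n):
    """Divide n by each prime up to sqrt(n); return (p, q, tries) or None."""
    for tries, p in enumerate(sieve(math.isqrt(n)), start=1):
        if n % p == 0:
            return p, n // p, tries
    return None

def log2_prime_count(bits):
    """log2 of roughly how many primes have exactly `bits` bits.

    Prime number theorem: about 2**(bits - 1) / (bits * ln 2) of them.
    """
    return (bits - 1) - math.log2(bits * math.log(2))

def log2_years_to_try_all(bits, tries_per_second=1e12):
    """log2 of the years needed to try every `bits`-bit prime once."""
    seconds_per_year = 365.25 * 24 * 3600
    return log2_prime_count(bits) - math.log2(tries_per_second * seconds_per_year)

if __name__ == "__main__":
    # Constructed toy modulus: two 14-bit primes, far below any real key size.
    n = 10007 * 10009
    print("toy factorisation (p, q, tries):", factor_with_prime_list(n))
    # 128 and 256 are the sizes the post names; 14 matches the toy modulus;
    # 1024 is an added row (the prime size in a 2048-bit RSA modulus).
    for bits in (14, 128, 256, 1024):
        print(f"{bits:5d}-bit primes: ~2^{log2_prime_count(bits):.1f} candidates, "
              f"~2^{log2_years_to_try_all(bits):.1f} years at 1e12 tries/s")
```

The sieve needs memory proportional to the largest prime it lists, so it is the candidate count in the last loop, not the speed of the generator, that sets the cost of the search.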
What’s the alternative? We need to do something to protect our data in the Cloud.
[Image: CORA Cyber Security Inc.]
The answer is CORA (Context Ordered Replacement Algorithm). Read more about this “unbreakable data security” at http://CORAcsi.com and download your free CORA Explorer at http://CloudCORA.com.