Encryption - breaking the myth series - part 3

Say what?

In my original post Encryption - breaking the myth, I endeavored to use "my flavor of irony" sprinkled with a touch of sarcasm, to spark some thought and debate.

Then my lovely wife and I played with a visual presentation "Encryption - shatter the myth", and still I muse about "what are these big companies thinking?".

I imagine... they are imagining... that we can hope no one will every breach a server again. Let's make it terribly difficult to be online... so what if our employees need to use, "difficult to use" corporate laptops to "occasionally" check their email. And yet, the breaches continue.
This led to the second blog post "Encryption - breaking the myth series - part 2".

I've stolen my copy, just have to break the encryption now

One of my favorite blogs (very subjective here) is my 3'rd blog about my prime number generator. This blog references what I like to call an "Organic Sieve". Maybe it isn't perfectly clear, but lets get to the bottom line: with organic sieves, one can readily "look up" any prime number - am I the only one the realizes what this says about encryption?

Game Of... Numbers

As I continue to blog and dialog with "people", I occasionally find inspiration in the strangest ways and times. Someone I consider to be quite brilliant with technology contrasted "prime number" based encryption with "other types". Ya, how about "strong passwords"?

Just for fun, lets consider a strong password that uses 10 digits, each of which might have 72 different values (26 lower case, 26 upper case, 10 digits and some special characters). How many possible combinations are involved?

Yes, that is a big number, and that is why strong passwords are important (being force fed I suppose). That is why we often here statistics like, this strong password (above) is more than 12 billion times stronger than a password that uses 6 lower case letters.

Lets add one more perspective here, namely, one could argue that this "strong password" is on par with a 63 bit prime number used to encrypt data. Today's standards (without getting too bogged down in details about symmetric or asymmetric algorithms) are well beyond 256 bits.

Simplicity is the ideal lens for capturing 'the complex'

I apologize for the over simplification, its just that I do like "simple", and think fondly of the KISS rule/acronym. The simple truth is that "encryption isn't good enough":

Article - 2016 - hacker & bank (actually reported)

Article - 2016 - University employees vulnerable - tax data breach

Article - 2015 - Lloyd's CEO on the cost of cyber attachs

Article - 2015 - forbes.com - average costs

Article - 2014 - washington post - cost of cyber crimes

bankrate.com: 11 data breaches that stung US consumers

2014 - data breaches by industry

Prime Number Generator: Chapter 1 - the Challenge

My next few posts will constitute a “sub series” about my Prime Number Generator. This series is related to a far broader and more important series on “Encryption – breaking the myth”.
In the last two posts, I have endeavored to present empirical data. Pragmatically one may easily recognize that:
1. Encryption is being used to secure data.
2. Breaches have occurred.
3. Readable data was acquired by those who don’t have a right to the data.
4. Conclusion: Encryption is failing to properly secure data.

Chapter 1 – the Challenge

The year is 1977. Location: Windsor Ontario, Canada. Yes, once upon a time, Ontario had 5 years of high school. Juniors are in grades 9 and 10. Seniors are grouped into grades 11, 12 & 13.

Happily, there were three math courses offered in Grade 13, and this lover of math signed up for all three.

Mr. Taylor taught Algebra. He was introducing “Prime numbers”. Optimistically he endeavored to engage his students by announcing a $100,000 reward for anyone that developed a prime number generator - for the entire set.

I would like to think I was motivated by “the challenge”, however, truth be said, it was the money. I became excited. Didn’t much care for the homework, but I couldn’t wait to get home to work on it. I found my way to the dining room table, and delved into the possibilities. Numbers scattered across reams of paper, patterns everywhere – but which pattern might be “the one”?

Math is beautiful – I was enjoying the challenge, the possibilities, the patterns. When all is said and done, math and science is basically about patterns that can be interpreted and reproduced.

After a few weeks, and more paper than I had ever used for “home work”, I had distilled the patterns down to one, that worked for all prime numbers except for the lonely, even numbered - prime number of “2”. 

If I had understood back then “why” prime numbers were important, I wouldn’t have wasted another moment on “the technicality” of included “2” in the output produced by my prime number generator. Perhaps I thought like a lawyer, or a strategist, but I couldn’t take a chance that, omitting “2”, might ruin my chance of winning the reward.

I approached Mr. Taylor at school during lunch. As a prelude to my bottom line, I advised him that I had the prime number generator, then asked how I go about claiming the $100,000. 
At first he smirked as though I was pulling his leg with a sarcastic prank, then as he realized that I “wanted the money”, he arranged for me to see Dr. Harold Atkinson, the head of the math department at the University of Windsor.


Fellow classmates C. Collins and D. Girard translated this Prime Number generator into “WATFIV”, using those good ole punch cards and a large main frame computer. The printout included a large number of prime numbers as an early, pragmatically driven test of this prime number generator. These printouts along with the mathematical representation of the generator were brought to Dr. Atkinson.

Still to come:

Chapter 2 - the Validation (Tuesday, 17 May 2016)
Chapter 3 - the Generator (Thursday, 19 May 2016)

Encryption - breaking the myth series - part 2

Lets start this quest for “truth” with a breaking story – from 2014:

eBay data breach

This was reported through CBSnews.com, and it this were the only report, then one might doubt its reality. But this breach hit all the news outlets!

Lets show what eBay said, which has been restated many times through the press.

1. eBay had your passwords “Encrypted”.
2. eBay’s Encrypted Passwords were stolen.
3. eBay told you to “Change your Passwords”.

Have we all “connected the dots”? If Encryption works, then why “change my password”?

OK, I get it, someone broke in, and stole all of this encrypted data. But doesn’t encrypted mean they “can’t read it”? That’s what it is suppose to mean, but in fact, it doesn’t work!

If they want to “unlock” the encrypted data, they can – just takes a bit of time.

OK, I get it, Encryption is like my old “teddy bear” – it feels good, makes me feel safe!

But we’re not safe! Cyber crime is costing us over $100 billion dollars a year!

Do you really think our banks, corporations and businesses are “taking the hit” for the rest of us?

• If you believe encryption is safe…
• If you believe these big companies are “not passing on these losses to all of us“…
• If you don’t want your personal data to be protected, even if someone breaks into a server.
• If you don’t want to spend less for insurance, banking, taxes, and buying “things”

Then I wish you well, and hope you enjoy your “teddy bear” !

If you do care. If you do realize that this “old breach from 2014” has been followed by far too many breaches. Then you do want to:

• read about CORA (at http://CORAcsi.com) – which will actually protect your data, even if someone breaks into a server.
• tell your banker about CORA
• tell your insurance agent about CORA
• tell your government representative about CORA
• tell your neighbor about CORA
• tell your company about CORA
• share this article on social media
• share about CORA on social media