http://tau.ac.il/~tromer/acoustic/ valicert root keys A little known fact is that i was mc at the generation of three ca/ssl root keys still used widely. The cpus were spied on by a truck/trailer placed in the car parking lot of the adjacent building. My assumption at the time was that what folks wanted was the primality testing evidence. The ceremony was observed by Price Waterhouse. I always assumed that one of the individuals, not acting for the firm but for others to whom the firm owed a ‘higher duty,’ participated in facilitating recording activities, at the required fidelity. It was interesting to watch the charade (on video playback). Not citable. No permission granted for linking or downloading content. This is marked ‘peter fouo’. You may not precis, paraphrase or quote even 1 word.

## azure virtual machine with MSDN image – iis express

out of the box, a SSL using web application running on the default IIS Express host installed as a result of doing running the visual studio 2013 update 1 enabled image (and updating to RC of Update 2, even) does not work.

To fix:

Run mmc and load the certificate plugin. delete the localhost cert.

If you are interested, note on using the manage private key operation available on the right click menu for the cert, that one gets

Now repair iis express 8 (regenerating the cert, under YOUR context)

We loaded the new localhost cert into the trusted root cert store (and trusted people) and created a new project with new IIS express bindings:

## nsa spying on ssh admins?

if I were NSA, I would want the keys to the kingdom. Which means you spy on the folks who run the kingdom. Who are they? They are the system administrators. if THEY use crypto, its their crypto that you first want broken (so you can steal their privileges and exploit the systems that they run, for spying then on others who happen to use those american-grade systems).

So, as I use openssl to make a crypto key for system admin purposes, am I “unwittingly” assisting NSA/GCHQ in their mission – assuming that this “commodity-grade” security software only ASSISTS them, covertly?

## from authorize to error–resource not authorized for the account

Location: ms-app://s-1-15-2-368411030-1769956373-826299661-4019874439-3442704750-222489034-3800660787/?error=invalid_resource&error_description=AADSTS50001%3a+Resource+%27https%3a%2f%2freso987.azure-mobile.net%2flogin%2faad%27+is+not+registered+for+the+account.%0d%0aTrace+ID%3a+c2a75697-0623-4ca1-9e04-8e1954d8b571%0d%0aCorrelation+ID%3a+a08d4056-0081-4fa7-b3aa-ecdf5341c3ba%0d%0aTimestamp%3a+2014-04-15+01%3a29%3a52Z

The solution is to NOT do what the instructions call for! (This is the second time being too truthful is hurting me, thinking like an NSA contractor TRYING to show one is trustworthy.)

Sample instructions suggest, for the webAPI part of the equation that you use a different signin and appid (than then name of the redirect URI at the mobile site, for aad) DON’T DO IT. HAVE ALL THREE THE SAME.

Ignore step 8, of http://azure.microsoft.com/en-us/documentation/articles/mobile-services-how-to-register-active-directory-authentication/ when having “sso”. just use aad.

## Adding Azure AD to a Mobile site with .net backend, and store-integrated windows 8.1 app.

Having built ourselves a known-working .net backend for an Azure Mobile site (and having updated quite a few packages in order to make it all compile with security attributes on guarded interface methods) we managed to follow along and also do the AAD-part of the process, as discussed at http://azure.microsoft.com/en-us/documentation/articles/mobile-services-windows-store-dotnet-adal-sso-authentication/

1 2 string authority = "https://login.windows.net/rapmlsqa.com"; 3 string resourceURI = "https://reso987.azure-mobile.net/login/aad"; 4 string clientID = "563cb644-1918-4c35-8a9f-800f4e31c5f9"; 5

The figures above show, on the right, the mobile site configuration (the oauth client) being accessed logically by the configured desktop application on the left, that has delegated rights to the ToListApp webAPI hosted in the mobile site using the .NET backend. This of course exposes odata interface to some domain entities, using an http binding

Running all this, we get

and …

Looking at this on the wire, we see a websso token,

But then a failure to issue an oauth-mediated access token:

## Kernel mental model

An mit video, at minute 22 or so, asks for N elementary proof. Can’t say I can prove anything,but I do have a very simple mental model to the point raised that if a code is the image of a function, the dual of the code is the kernel.

I think of that geometrically. From the classical 3-bit hamming cube (the domain) constrain the space to that of classical tetrahedron (the code mapping’s “image”). Now project all the nodes of the cube from the zero vector and get the Fano plane geometry (the code’s “dual”) whose inner circle line represents the kernel (when the dual is a lie group).

The above is a tone poem, not math! The inner space between the triangle’s lines that is NOT occupied by the circle represents uncertainty. one should think now of joining up each of the lines, making nominally three new circles by round out the straight lines. Then join the 2 outlier points of each circle to the point adjacent to it. I think of it as a table top (the original circle) and three loopy legs! (and there goes the math reputation I don’t have in the first place…)

Finally, I think about the relationship between the lines of the triangle (now the loop legs) versus the line of the circle (the table top). As minimum distance in code space comes into the right ratio with the covering error graph (the tetrahedron) and its nearest neighbor average distances, so the triangle compresses to the area of the circle (the legs retract up towards the table top), representing attaining the Shannon limit. We have maximized the coding gain by making the the circle line indistinguishable from the triangle sides (the loopy legs have FULLLY retracted, like an airplane’s wheels).

## WCF server, for JWT handling/validation

1 <system.identityModel> 2 <identityConfiguration> 3 <audienceUris mode="Never"> 4 <add value="http://localhost:1500/Service.svc" /> 5 <add value="https://rapmlsqa.com/TodoListService" /> 6 </audienceUris> 7 <issuerNameRegistry type="WcfServiceJWT.Utils.DatabaseIssuerNameRegistry, WcfServiceJWT" /> 8 <certificateValidation certificateValidationMode="None" /> 9 <securityTokenHandlers> 10 <add type="System.IdentityModel.Services.Tokens.MachineKeySessionSecurityTokenHandler, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> 11 <remove type="System.IdentityModel.Tokens.SessionSecurityTokenHandler, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /> 12 <add type="WcfServiceJWT.CustomJWT, WcfServiceJWT" /> 13 </securityTokenHandlers> 14 </identityConfiguration> 15 </system.identityModel>

and

1 using System; 2 using System.Collections.Generic; 3 using System.Linq; 4 using System.Web; 5 using System; 6 using System.Collections.Generic; 7 using System.Linq; 8 using System.Web; 9 using System.IdentityModel.Tokens; 10 using System.Security.Claims; 11 using System.Xml; 12 using System.Text; 13 using System.IO; 14 using System.IdentityModel.Metadata; 15 using System.Security.Cryptography.X509Certificates; 16 using System.ServiceModel.Security; 17 using System.IdentityModel.Services; 18 using System.Net.Http; 19 using System.Threading.Tasks; 20 using System.Web.Configuration; 21 using System.Threading; 22 using System.Net; 23 using System.IdentityModel.Selectors; 24 25 namespace WcfServiceJWT 26 { 27 public class CustomJWT : JwtSecurityTokenHandler 28 { 29 public override ClaimsPrincipal ValidateToken(JwtSecurityToken jwt) 30 { 31 ClaimsPrincipal v2; 32 string stsMetadataAddress = String.Format("https://login.windows.net/{0}/federationmetadata/2007-06/federationmetadata.xml", jwt.Payload["tid"]); 33 34 MetadataSerializer serializer = new MetadataSerializer() 35 { 36 CertificateValidationMode = X509CertificateValidationMode.None, 37 }; 38 List<X509SecurityToken> signingTokens = new List<X509SecurityToken>(); 39 40 MetadataBase metadata = serializer.ReadMetadata(XmlReader.Create(stsMetadataAddress)); 41 42 EntityDescriptor entityDescriptor = (EntityDescriptor)metadata; 43 44 // get the signing certs. 45 signingTokens = ReadSigningCertsFromMetadata(entityDescriptor); 46 47 var vparms = new TokenValidationParameters 48 { 49 ValidIssuer = entityDescriptor.EntityId.Id, 50 IssuerSigningTokens = signingTokens, 51 ValidAudiences = Configuration.AudienceRestriction.AllowedAudienceUris.Select(s => s.ToString()) 52 }; 53 try 54 { 55 v2 = base.ValidateToken(jwt, vparms); 56 } 57 catch (Exception ex) 58 { 59 throw new ApplicationException("didnt validate", ex); 60 } 61 return v2; 62 } 63 64 //public override ClaimsPrincipal ValidateToken(JwtSecurityToken jwt, TokenValidationParameters validationParameters) 65 //{ 66 // // set up valid issuers 67 // if ((validationParameters.ValidIssuer == null) && 68 // (validationParameters.ValidIssuers == null || !validationParameters.ValidIssuers.Any())) 69 // { 70 // validationParameters.ValidIssuers = new List<string> { ValidIssuerString }; 71 // } 72 // // and signing token. 73 // if (validationParameters.IssuerSigningToken == null) 74 // { 75 // var resolver = (System.IdentityModel.Tokens.NamedKeyIssuerTokenResolver)this.Configuration.IssuerTokenResolver; 76 // if (resolver.SecurityKeys != null) 77 // { 78 // IList<SecurityKey> skeys; 79 // if (resolver.SecurityKeys.TryGetValue(KeyName, out skeys)) 80 // { 81 // var tok = new NamedKeySecurityToken(KeyName, skeys); 82 // validationParameters.IssuerSigningToken = tok; 83 // } 84 // } 85 // } 86 // return base.ValidateToken(jwt, validationParameters); 87 //} 88 89 static List<X509SecurityToken> ReadSigningCertsFromMetadata(EntityDescriptor entityDescriptor) 90 { 91 List<X509SecurityToken> stsSigningTokens = new List<X509SecurityToken>(); 92 93 SecurityTokenServiceDescriptor stsd = entityDescriptor.RoleDescriptors.OfType<SecurityTokenServiceDescriptor>().First(); 94 95 if (stsd != null) 96 { 97 // read non-null X509Data keyInfo elements meant for Signing 98 IEnumerable<X509RawDataKeyIdentifierClause> x509DataClauses = stsd.Keys.Where(key => key.KeyInfo != null && (key.Use == KeyType.Signing || key.Use == KeyType.Unspecified)). 99 Select(key => key.KeyInfo.OfType<X509RawDataKeyIdentifierClause>().First()); 100 101 stsSigningTokens.AddRange(x509DataClauses.Select(token => new X509SecurityToken(new X509Certificate2(token.GetX509RawData())))); 102 } 103 else 104 { 105 throw new InvalidOperationException("There is no RoleDescriptor of type SecurityTokenServiceType in the metadata"); 106 } 107 108 return stsSigningTokens; 109 } 110 } 111 }

## client side of WCF using JWT for bearer

1 // 2 // GET: /TodoList/ 3 public async Task<ActionResult> Index() 4 { 5 ServiceReference1.ServiceClient sc = new ServiceReference1.ServiceClient(); 6 7 sc.ClientCredentials.SupportInteractive = false; 8 sc.ClientCredentials.UserName.UserName = "support170"; 9 sc.ClientCredentials.UserName.Password = FRED"; 10 11 // var cssdf = sc.GetData(45); 12 13 // 14 // Retrieve the user's tenantID and access token since they are parameters used 15 // to call the To Do service. 16 // 17 string tenantId = ClaimsPrincipal.Current.FindFirst(TenantIdClaimType).Value; 18 string accessToken = TokenCacheUtils.GetAccessTokenFromCacheOrRefreshToken(tenantId, todoListResourceId); 19 20 var tokenHandler = new JwtSecurityTokenHandler(); 21 SecurityToken st = tokenHandler.ReadToken(accessToken); 22 23 24 // from http://stackoverflow.com/questions/16312907/delivering-a-jwt-securitytoken-to-a-wcf-client 25 // 26 XmlDocument document = new XmlDocument(); 27 XmlElement element = document.CreateElement("wsse", "BinarySecurityToken", 28 "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"); 29 element.SetAttribute("ValueType", "urn:ietf:params:oauth:token-type:jwt"); 30 element.SetAttribute("EncodingType", 31 "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"); 32 UTF8Encoding encoding = new UTF8Encoding(); 33 element.InnerText = Convert.ToBase64String(encoding.GetBytes(accessToken)); 34 35 GenericXmlSecurityToken genericst = new GenericXmlSecurityToken( 36 element, 37 null, 38 st.ValidFrom, 39 st.ValidTo, 40 null, 41 null, 42 null); 43 44 WS2007FederationHttpBinding fedbinding 45 = new WS2007FederationHttpBinding("WS2007FederationHttpBinding_IService"); 46 fedbinding.Security.Mode = WSFederationHttpSecurityMode.TransportWithMessageCredential; 47 fedbinding.Security.Message.IssuedKeyType = System.IdentityModel.Tokens.SecurityKeyType.BearerKey; 48 fedbinding.Security.Message.IssuedTokenType = "urn:ietf:params:oauth:token-type:jwt"; 49 fedbinding.Security.Message.EstablishSecurityContext = false; 50 fedbinding.Security.Message.NegotiateServiceCredential = false; 51 UriBuilder ub = new UriBuilder(sc.Endpoint.Address.Uri); 52 ub.Scheme = Uri.UriSchemeHttps; 53 ub.Port = 44307; 54 ub.Host = "localhost"; 55 56 ServiceReference1.ServiceClient scbearer 57 = new ServiceReference1.ServiceClient(fedbinding, new EndpointAddress(ub.Uri)); 58 59 var svcChannel = scbearer.ChannelFactory.CreateChannelWithIssuedToken(genericst); 60 var cssdf2 = svcChannel.GetData(45); 61 62 } 63

## webmatrix and azure AD based organizational IDs

Not sure why, but we logged into webmatrix, hosting joomla, using our Azure AD-integrated accocunt

then we enabled SSL.

So is this vulnerable?

Well, the IIS express seemed to be the entity deliering the SSL (which means windows is doing the work). It didn’t SEEM to be joomla doing its own.

On the matter of logging into Azure AD, the publication to an azure website was lovely. Well done microsoft azure!

## and as it happens (NSA) word games: more evidence of public untrustworthiness.

doing one thing “ensuring integrity” just happens to requires to something else (that the NEW PROCESS NOT SUBJECT TO THE CIOUT ORDER – AS DEFINED AT MOMENT ONE AFTER THE COUTE ORDER CAME INTO EFFECT – happens to do the exact, urrrrrr., opposite. But , that’s “modern” NSA method! Word games within word games.

Now we know. Stasi.

## software engineering subversion–Peter Guttman’s draft book

we have to assume that software engineering police exist, working undercover. For example, http://www.bbc.com/news/uk-26478149

That is, it is the mission of some on your team, some in your open source community, to not be acting per the community purpose (while professing they do). They are there to subvert (and get code inserted that allows crypto compromise).

Subversion in open systems; and Public trust. How to deal with it?

cryptome distribute a draft of a book, that fails to address the topic. It does engage in a 100 page rant…against PKI.

Key management is hard. Key management for 5 billion people and even more devices is very hard (and has never been done before). A lot of the book rants against the PKI concept – for the internet – designed nearly 15-20 years ago (as reflected, still, today). That said concept has evolved from THEN to NOW, is a testament to the architecture. The world looked different back then!

Peter is a good designer. But, he fails to address the topic: that the engineering process like the standards process is SUBVERTED from within. Its NOT SUPPOSED TO WORK, dummy! (its supposed to be spied upon, covertly.)

## sharepoint people picker

Continuing the process of re-running a Build demo on sharepoint apps, augmented with AAD,

we could make the UI work. But, we could not make CUSTOM domains appear.

So admin@netmagic.onmicrosoft.com could be picked. However, support@rapmlsqa.com could not.

## Brandon Werners Build demo–a rebuild

We got some ways to repeating the build trial showcased in the Sharepoint Hour session.

We can invoke the share point site, and its local IIS express app, tied to our certified domain. The user is a the azure/office site “master” administrator (Think local admin on a non-Domain PC box).

We can even get a token:

But an security exception is thrown – user not authorized, in summary. If we run the app a second time, now using admin@netmagic.onmicrosoft.com as the name of the owner of the site – trying to get around the issue – we get

The very first time, when we used support170@rapmlsqa.com from our certified domain, as the owner, we got a “cannot create – user not authorized” exception. Evidently, the two facts don’t align

We do see our site though!

I don’t see any NEW app definition in the azure AD tenant – though the flow MAY be handled by the sharepoint online app already provisioned.

## giving nsa/gchq a helping hand (re microsoft online immutableid guessing/calculation)

1 param([string[]]$args) 2 3 4 $msolcred = Get-Credential -UserName admin@netmagic.onmicrosoft.com ` 5 -Message "password for netmagic is Fred!" 6 Connect-MsolService -Credential $msolcred -ErrorAction Stop 7 8 $setfed = Get-MsolDomainFederationSettings -DomainName "rapmlsqa.com" 9 $alog = $setfed.ActiveLogOnUri 10 11 $strarr = $alog.Split('/') 12 $len = $strarr.Length 13 14 #colc/8/BARS 15 #appid/linkid/mlsid 16 17 18 $mlsid = $strarr[$len - 1] 19 $linkid = $strarr[$len - 2] 20 $appid = $strarr[$len - 3] 21 22 23 Get-MsolDomainFederationSettings -DomainName "rapmlsqa.com" -Verbose 24 25 26 echo $mlsid 27 echo $linkid 28 echo $appid 29 30 foreach ($name in $args) { 31 32 $upn = $name + "@rapmlsqa.com" 33 34 $displayname = $name + "_at_Rapattoni" 35 36 $someString = $name + $appID + $mlsID 37 $bytes = [System.Text.Encoding]::Default.GetBytes($somestring) 38 $md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider 39 $hashbytes = $md5.ComputeHash($bytes) 40 $result = [GUID]($hashbytes) 41 $resultstring = $result.ToString(); 42 $resultstringbytes = [System.Text.Encoding]::Default.GetBytes($resultstring) 43 44 $base64 = [System.Convert]::ToBase64String($resultstringbytes) 45 46 echo "new-msolUser –userprincipalname $upn -immutableID $base64 -lastname At_Rapattoni –firstname $name –Displayname $displayname -BlockCredential $false" 47 } 48 49

## making office365 users by powershell script, with certified domains

It’s been a while since I last added a user to a office 365 subscription that tied back to the IDP in our certified domain.

I failed to make one using the office admin portal (since no drop downs appear for the certified domains, only the *.onmicrosoft.com domain). Similarly, I failed to use the Azure AD portal, for users, for the same reason.

So lets revise what we remember to do, using scripting:

param ($name) $msolcred = Get-Credential -UserName admin@netmagic.onmicrosoft.com -Message "password for netmagic is FRED!" Connect-MsolService -Credential $msolcred Get-MsolDomainFederationSettings -DomainName "rapmlsqa.com" -Verbose $upn = $name + "@rapmlsqa.com" $displayname = $name + "_at_Rapattoni" $guid = [GUID]::NewGuid() $guidstring = $guid.ToString(); $base64 = [System.Convert]::ToBase64String($guid.ToByteArray()) $base64ofstring = [System.Convert]::ToBase64String( [System.Text.Encoding]::Ascii.GetBytes($guidstring)) echo "new-msolUser –userprincipalname $upn -immutableID $base64ofstring -lastname At_Rapattoni –firstname $name –Displayname $displayname -BlockCredential $false"

A variant:

1 param([string[]]$args) 2 3 $msolcred = Get-Credential -UserName admin@netmagic.onmicrosoft.com ` 4 -Message "password for netmagic is Fred!" 5 Connect-MsolService -Credential $msolcred 6 7 $setfed = Get-MsolDomainFederationSettings -DomainName "rapmlsqa.com" 8 $alog = $setfed.ActiveLogOnUri 9 10 $strarr = $alog.Split('/') 11 $len = $strarr.Length 12 13 $linkid = $strarr[$len - 1] 14 $tenant = $strarr[$len - 2] 15 16 17 Get-MsolDomainFederationSettings -DomainName "rapmlsqa.com" -Verbose 18 19 20 echo $linkid 21 echo $tenant 22 echo "" 23 24 foreach ($name in $args) { 25 26 $upn = $name + "@rapmlsqa.com" 27 28 $displayname = $name + "_at_Rapattoni" 29 30 $guid = [GUID]::NewGuid() 31 $guidstring = $guid.ToString(); 32 $base64 = [System.Convert]::ToBase64String($guid.ToByteArray()) 33 $base64ofstring = [System.Convert]::ToBase64String( 34 [System.Text.Encoding]::Ascii.GetBytes($guidstring)) 35 echo "new-msolUser –userprincipalname $upn -immutableID $base64ofstring 36 -lastname At_Rapattoni –firstname $name 37 –Displayname $displayname 38 -BlockCredential $false" 39 } 40 41

## https://johncarlosbaez.wordpress.com/2012/07/30/increasing-the-signal-to-noise-ratio-with-more-noise/

The 1940s sigsaly secure voice communication model of PAM is nicely summarized by Forney at the chapter from his MIT courseware:

Its worth a read since it leverages the math that I, for one, have got down from studying quantum mechanics. Its more engineering than science, focussing on particular wave functions: sinc_{T}(). These get us to actual pulses, where in time periods values can be assured to be from an orthonormal set. One gets quickly to auto-correlation measures (which takes one quickly on to sensitive areas (still!) of crypto applied to satellite waveforms). Forney was more concerned with teaching sampling, indicating first from shannons rules about maximum spectral efficiency (given SNR, basically) one can build a random process model in continuous math then prove that an orthonormal expansion can represent the points without loss of information. Having managed to turn Hz carriers and power issues into a set of symbols being delivered at a particular rate due to the modulation, he then shows how coding can, optionally, further improve the performance.

Is fun then to turn from 1940s thinking, long tied to Lincoln and MIT, and onto Baez:

We get a view into some modern noise-related research topic founded in another 1940s topic: weiner processes.

## using Graph API with openid connect flow

I ran the project having DONE the steps noted at https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet

And clearly, we see our directory record.

When we look at the new code for handling all this high visibility token fiddling in the webapp, we see:

I would have hoped the owin middleware did all that…

## thermodynamic reversibility and unitary crypto gates

I like the last paragraph. It puts into stark perspective, of thermodynamics, the difference between the random walk and the quantum walk. The notion of the random walk “damping” all but the first eigenstate is clear, when seeing how the now-undamped contribution of all the other eigenstates give one “entanglement” states in the quantum walk case.

## generating minimum distance and t-resiliency, for channel reliability

it turns out useful to go re-review some of our year 3 curriculum on coding, channels, sampling, decibels etc now we that have the perspective afforded to use in studying year 4 topics. Our math is strong enough now to really understand the grad-level course that Forney in particular was trying to teach.

http://yorkporc.wordpress.com/2012/08/05/turing-repetition-codes-and-codebook-generators/ captured what we knew then about the world of (n, k d) and RM(r,m). At http://yorkporc.wordpress.com/2013/01/02/union-bound-estimate-pairwise-probability-of-error-in-tunny/ we got to understand the engineering, seeing how to take the world of hamming bits and project them onto the euclidean plane and the association world of finite energy functions. The two worlds of “math generation” and ensuring closure of the calculations when working in energy space aligned nicely.

The engineering also showed us how n, k and d work in both generator land and engineering land. And, we learned how to model probability of error, and SNR.norm. While Forney’s teaching orientation was focused on reducing the gap to capacity, we were more interested in seeing how the DES ECB mode work – in that L2 world – assuming that its coding structure leveraging random permutation theory, markov models for cayley graphs, generators and conditional probability calculations, etc were working to drive the probability of error lower than 2**64, ensure t-resiliency AND get in 1975 close to the shannon limit of a 1 bit channel.

It was fun re-reading those posts and the referenced material, seeing in particular how E.kmin was used and characterized along with minimum Euclidean distance and approach toward a capacity limit. One saw ghosts of phase space theory, ensuring that the projection onto suitable geometries within the hamming cube could retain the weight differences and minimum weights that translated into ensuring a closed calculation world.

it was also interesting to see how “factor” were characterized, reminding me of Tunny-era scoring systems – where even back then one designed DIFFERENT scoring systems for different assumptions about the probability of error (when separating Phi streams from Chi streams, say), the dottage of the day – which would influence whether the SNR had sufficient bias to allow averaging processes – over lots of depth such as DES CBC blocks favored in NSA-influenced IESG – to actually converge….when one started totting up scores.

its at the end of the http://yorkporc.wordpress.com/2013/01/02/union-bound-estimate-pairwise-probability-of-error-in-tunny/ post where one gets to see just how close to these ideas folks were, when wheel breaking, back in 1944. One even sees how calculating in the sign basis (the hard numbers of hamming space) was justified as a means to calculate the same “factor” that Forney identifies (given a particular engineering plot of P.error against SNR.norm/roe).

One also sees how, from practical cryptanlaysis methods, how both known-good hits of the model against the depths in a couple of rows under evaluation give a score contribution –and how known-good fails also contribute some score, too.

## quantum random walks along Turing-era world lines, with swaps, built into 1950s rotor machine

Roland does a really great job of putting into a couple of pictures the move from random to quantum walks when working in the Tunny-era “sign” (bit!) basis (of –1 and 1)

http://yorkporc.wordpress.com/2013/03/24/quantum-walksfor-quotient-groups/

Not only that, he captures in a theoretical manner that we have seen exhibited in more elementary form as 1950s rotor-based cryptosystems. Whereas the random walk concerns the distance from the “measure” of the constant functions (i.e. the world of the stationary distribution) to the first E-v, the quantum walk takes those same ideas and treats them “circularly”.

That is, the measure is now a refined-measure (capital delta) – the length of the arc (actually fourier transformed) rather than the distance left over after one takes away the 1d shadow cast in the amplitude world). What’s more, in that quantum world where one is moving – via convolution – in phase spaces along arcs in the spectral basis, a “unit” motion may induce an anti-symmetry swap – in which a coin flip associated with the motion impulse in some direction along an arc THEN causes that intermediate phase to flip to its complex conjugate or NOT – depending on the value of the coin flip.

Of course, we saw that in rotor writing theory, too!

where the author postulates an Alfred Small-style rotor looping (i.e. 2 walk steps, where any “step” involves all n rotors)

In the first column, you see 2 groups of 13 characters to which 7 or 8 feedback lines are added – in each group.You also see a second column, also of two groups, where you should imagine that it’s a copy of the first rotor, rotated by 180 so that each half is opposite its anti-symmetric peer on the other wheel (i.e. upper group is opposite lower group , etc). The coin flipper (or plug setting!) , for each output path in the first rotor then decides which of two wires is used – the one to the upper or lower group.

But more than just the controlled swap feature, of the quantum walk, on display. There is the phase conjugacy too. For each group in the column has 10 switching points, which you should think of as 20 input connections. Huh? taking the lowest group of the first column and the lowest square (switching point) of the alphabet A-M (interspersed with 7 additional input lines from the small feedback) the switch is acting on letter at distance (A-M)/2 (somewhere around F). The next switch point up is acting either on F-1 (E) or F+1 (G). The next one further up is F-2 (D) and F+2 (H).If you trace the linear wiring and then realize each connects to a pin/pad on the wheel, one sees the phase space geometry in the input wiring plan, and the output switch reflect the swap operation (as the arc-length motion from 1 to e^{theta1 }may swap over to e^{-theta1}

So, there! we were able to talk all about eigenvalues without requiring you to do lots of boring matrix fiddling. Furthermore one sees how in the quantum world the notion of the limiting distribution is distinct – and is a summation of the contribution of *all* the eigenvalues in the eigenspectrum (reflecting the k-long “spectral impulse” associated with each k-long path in what is now a “spectral basis”). Since in quantum spaces one has entanglement states (which is “non-linear”), SEE HOW one captures how the terms of each generated wave functions for each step on the evolution can be co-dependent in that unique and quantum-mechanical –only world. This is quantum mixing (and NSA/GCHQ/IBM quantum searching, moreover).

## odata over sb, with ACS tokens

## contrasting X method of cryptanalysis with differential cryptanalysis

In Turing’s On Permutations manuscript, circa 1954, he makes an argument about sequences of continuous functions (in continuous spaces). This enables him to reach a conclusion about uniform “limiting” distributions. We have a reasonable understanding of this theory, now – a theory that, we might recall, was developed by Newman – sitting in the Cambridge chair of wheel wiring theory.

Any science faculty undergraduate doing a fundamentals of crypto course learns about the need to resist X cryptanalysis (where X is really “linear”). Unlike differential cryptanalysis attack methods linear-X is countered using the method of of expander graphs.

Back in Turing’s day, graphs were not necessarily abstract mathematical objects. You could also have in front of you two rather physical and very real enigma wheels and be being required to decide: so how do I wire them up, possibly as a pair, to resist linear-X?

The theory of graphs, state machines, Turing machine walks through configuration spaces, evolution of quantum states, unitary representations/gates and group theory generally, as taught to Turing mostly in the US (hint), all comes into play.

Now wheel wiring theory from the rotor era has to be one of the most erstwhile guarded crypto secrets of all – at least up till 2000. At most, you saw folks discussing the flaws of the enigma wiring plan, perhaps heard how the Russian M-125 machine addressed them to deny folks the Turing bombe attack, used the properties of isomorphs and alphabets split into 2 groups of 13 characters interspersed in a set of 41 pins/pads; otherwise discussed topics such as bi-partite sets, symmetric groups, how permutation groups *represent* other graphs/groups; and, then considered more advanced topics such as Rayleigh quotients.

All in all, one had to get familiar with university level math in norms, inner products and then argument about averaging and closure! As I keep hinting, rather than study it all in the math department, go study it today by learning the applied math needed for quantum mechanics!

I just think of computer science as that branch of computable math that eventually drives what a compiler does – spit out lower-level instructions. In the world of above, this means we need “compiler-math” theory – whose concrete methods take in high-level language input (ideally in the notation of polynomials) and should spit out long sequence of primitive adding, subtracting, and square -rooting calculations. I think of wheel wiring design, circa 1940, as requiring the use of early “compiler theory” – which of course is the ability of math to act on math!

I now look at expander graph theory, and Wikipedia’s article is as awful as the best at making it all almost intractable to the lay reader, as the theory of wheel wiring. But, it is. And its all it is. In one good turn of phrase, the author writes:

The original motivation for expanders is to build economical robust networks (phone or computer): an expander with bounded valence is precisely an asymptotic robust graph with number of edges growing linearly with size (number of vertices), for

allsubsets.

We want, that is, is for the properties of (plant) growth to evolve to become uniform as the evolution process approaches the steady state of the limiting distribution – no matter which particular cells (of the plant tissue) we happen to be studying. Being less able, math types talk about vertices and subsets (rather than tissue types and the cells making up any region of tissue).

All we are doing is deciding how to wire up groups of pins. To this end the theory helps us out by showing that certain wirings imply certain mathematical facts. Unfortunately, these require you first to re-wire your brain and now think more like a computer scientist – happy to let calculations and numbering be not on a paper but on the surface of a football – ALWAYS.

And that was Turing’s argument about continuity and uniformity. Footballs! For on the surface of the ball, when using a wiring-compiler to output long sequence’s of primitive operations that assume calculation happens only on its surface, certain theorems of meta-math come into play. And these just happen to address linear-X. Its also our contention that they (shush) also address differential cryptanalysis.

One learns eventually that one wants the points of the crypto space – now that they are projected onto the surface of a football – to be as far away from constant functions as possible – meaning that its hard to build an approximating model (that would undermine the security). Expander graph theory helps understand that rather-blah undergrad examination testing point. Football markings, and their “straight line markings”, give anyone a solid intuition for the distinction between constant functions … and points within them.

Certain results concerning what happens when one represents wiring plans in the form of adjacency matrices enables one to consider then topics such as irreps. This just means, taking a larger matrix, understanding how it may be conformed of smaller matrices that allow matrix calculation to be a surrogate for that more abstract branch of math : polynomials. But don’t get alarmed, we don’t need to go beyond deciding how to wire up our enigma wheels.

Certain adjacencies allow a certain kind of analysis, since they are models for calculation on the Reimannian sphere – there I’ve said it, and started to sound intellectual. IN short, one looks at two groups of wirings on the wheel, or between wheels, and one counts up the groups. If the ratio is just so, then all the continuity/uniformity theory comes into play.

I think of this ratio as the Rayleigh quotient, which if positive always allow one to build computerized or manual compilers that output long sequence of … terms …that calculate on the surface of a ball. The notion of continuity and closure makes sense then, as the ball has no coordinate system…and any calculation is relative to any other!

The final point to get across is how one gets from arguments about continuing to uniformity. And that’s hard to say, with getting fancy. All I can really say, simply, is that we are crypto-averaging! And what else is averaging, but … averaging … which means that things happen eventually in an uniform manner – as all the differences add up and spread out.

P.S. The fun part of X is that is NOT that different in theoretical basis to differential cryptanalysis (though not if you listen to the American or Jewish schools). From the attack on Tunny onwards, with colossus helping out or not, one needs to compute a certain form of the Rayleigh quotient, where on minimizes a set of maximized length difference induced by an electron wandering along one or more of the wire between the pins on an enigma wheel. If one studies this, which leads on to Viterbi decoders, one sees that X and differential cryptanalysis are really the same thing. One is interesting is to see the lengths to which the UK went to a) hide the topic of differential cryptanalysis, and b) hide how from the rotor era onwards cipher and coding design revolved around concocting those wiring plans that expressed well known symmetric and dihedral groups, fashioned expander graphs, maximized distance ON AVERAGE, and all in all made the observer see only a uniform set of probability that did little to aid their guessing!

P.P.S. Like Turing, I never said the word eigenvalue. One doesn’t need to. Seeing the theory in linear algebra terms does actually help, however, with the more intricate study of differential geometry and, thereby, differential cryptanalysis.

## app settings for dotnet

1 <configSections> 2 <sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" > 3 <section name="Tools.Instrumentation.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" /> 4 </sectionGroup> 5 </configSections> 6 7 8

1 2 <applicationSettings> 3 <Tools.Instrumentation.Properties.Settings> 4 <setting name="LogLevel" serializeAs="String"> 5 <value>DEBUG</value> 6 </setting> 7 <setting name="AppName" serializeAs="String"> 8 <value>MyApp</value> 9 </setting> 10 <setting name="Port" serializeAs="String"> 11 <!--value>33333</value--> 12 <value>0</value> 13 </setting> 14 </Tools.Instrumentation.Properties.Settings> 15 </configuration>

## DUAL EC attack theory, in quantum mechanical terms

Lets take a look at https://onedrive.live.com/redir?resid=5061D4609325B60!5824&authkey=!AJaVvdDixpapUgA&ithint=file%2c.pdf

2014-0521.pdf listed by Cryptome

In short, the paper discusses several implementations of TLS and the means by which one can exploit implementation features, in the manner by which cryptomodules are used by ciphersuites of the TLS handshake. The exploit class delivers to the supposed attacker sufficient public data about a random stream, generated from a PRNG seed, that allows one with a backdoor on the PRNG process to predict the next set of generated values. The point is that said set may contain secrets that the ciphersuite protects – that the trapdoor reveals by a mixture of knowing the pool from which the secrets are taken and by search. Some of the secrets compromise other mechanisms (and the security services that derive from them); including DSA signing keys. A compromised signing key compromises the authenticity of the DH keys used in the key agreement mechanism, which compromises the generation of the pre-master secret used in key derivation elements of the SSL handshake.

However, the above is not my concern (since Id like to stay unshot – having been trusted by folks in NSA not to undermine their mission). Our concern is to simplify understanding of how DUAL EC works – so lots of folks can understand its processes. They seem hard! But they are not if you think in terms of physics and computer science.

Recall from quantum mechanics that there is the unknowable notion of quantum state – that bucket of bit-like things from which all measurements in the real world derive. We cannot know that state, being an pure math combinatorical object, but we can measure it – providing we learn to do quantum mechanical measurements. For that, we need some math – the math of measuring states.

For the purposes of this article, the PRNG seed is the quantum state – supposedly unknown and unknowable (until we understand the math theory of trapdooring).

Its best to start out with a math refresher taught by an expert

In this lecture you get a solid grounding. But you don’t get the kind of math that shows how to more easily understand Ps and Qs and elliptic curves. For that we need a little more of his teaching:

What we now need is the ability to compute in two spaces at once – the space and its dual. So there , we are starting to get towards P (this space) and Q (its dual). Other examples of this duality include the frequency space and the space of amplitudes – where one converts between the two using the fourier transform.

Look at the part of the video, at link, where SUsskind introduces a summing variable (j). And, then, understand the notion of “scripty M” and the general concept of hermitian conjugation (of operators, rather than values). Now recall the notion of wave/particle duality – and just consider how the very FORM of the equation captures that notion. Both aspects are modeled, with the stuff on the right being the amplitude space (perhaps known as kets) and the stuff on the left being the periodic or frequency space (perhaps known as bras). One models both the particle like and its wave like features at the same time, knowing that they are conjugate. The domain and its frequency representation (via fourier transforms) are conjugates. You can be a particule and and a wave at the same time, once the math enables you to state facts about both simultaneously. And that’s the key (without getting into locality, centrality, or any other physics ideas).

I want you, now, to think of P and Q in the sense of hermitian conjugates (don’t take this literally!). They act on the mythical and unknowable “crypto”-quantum state denoted as A (on the right and on the left, in dual form). We have to be reasoning with both components always, simultaneously, to be seeing the crypto notion of trapdooring.

Now, the point of elliptic curves is that the relationship between particular points P and Q, as hermitian conjugates, is not computable – without knowing the value d (in the language of the paper). (One should think of RSA math, at this point!) Only then can one start to compute “averages” as a cryptanalyst– that special kind of computation that comes about from “duality” expressions of this form. It’s allows one to work with predictions about average cases, found when performing a measurement lots of times. One wishes to know the bias, over 50%, of which outcome value predominates. This is the key to cryptanalytical techniques and knowhow.

Now, you might object to this characterization of curves and points P and Q (since the duality concept is not consistent with “how you do the calculation”). But calculating is not the point of this memo. We are programming, here, creating algebras that allow us to reason about calculation spaces, types of expressions, and the GENERATION of expressions (that then calculate).

To use Susskind’s metaphors, you perform your particle-like machine process ‘M’ on an input state and then project the intermediate result (which should be reminding you of a DES sbox output) onto the machine.dagger – that conjugate machine that allows you now to act on the crypto-space in a wave like manner. IN so doing one statements are those that now act on *any* possible input (complex conjugated); one is doing algebra of

“crypto” search spaces and formulating algebras thereof. One has captures the “art” of cryptanalysis, realizing that its that class of math that “characterizes” searching and constraining. Of course, being math, one wants math that searches out math that duly searches…out such mundane things as needle keys in haystacks of cipher.

## generic service host factory for multiple services (and their multiple service contracts)

1 public class WebEnabledServiceHostFactory : ServiceHostFactory 2 { 3 4 private static readonly object locker = new object(); 5 6 private static Dictionary serviceLookup = new Dictionary(); 7 8 static WebEnabledServiceHostFactory() 9 { 10 lock (locker){ 11 serviceLookup.Add(typeof(ICalculatorService), typeof(CalculatorService)); 12 } 13 } 14 15 protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses) 16 { 17 ServiceHost host = new ServiceHost(serviceLookup[serviceType], baseAddresses); 18 19 ServiceEndpoint endpoint = host.AddServiceEndpoint(serviceType, new WebHttpBinding(), "web"); 20 21 endpoint.EndpointBehaviors.Add(new WebHttpBehavior()); 22 23 ServiceMetadataBehavior smb = new ServiceMetadataBehavior { HttpGetEnabled = true }; 24 host.Description.Behaviors.Add(smb); 25 26 return host; 27 } 28 29 } 30

from http://toreaurstad.blogspot.com/2013/05/creating-webenabled-service-via.html

## notes to self

Lets also recall the lesson of the Russian cipher comparing how the matrix transform computes an inner product whose value drives the non-linear function – in the sense that certain state bits in DES use 2 bits of an expanded 6 bits to drive the choice of sbox.

Put this together with the rules on creating non-exceptional algebras (of the kind Turing was discussing, albeit with permutation groups). Recall from the Fano discussion how the constraints of the semi-groups comes down to a relationship between the group and its subgroups, which in binary can be expressed as a tunny-era 2-impulse delta’ing process that imposes parity – and thus defines the “right stuff”.