Notes on Windows Kernel Security...

Having been the lead architect on more than a few security projects - I can really appreciate the aims of the windows security kernel API.

A token to represent every object in the system. Objects live everywhere, as files, users, domains, et cetera.

But somewhere along the development timeline, vain attempts to obfuscate the true meaning of certain elements were chosen over safe techniques, using provably secure algorithms and clear documentation.

Simply speaking, it became an extreme example of complication with varying true security value. Drivers which run within the kernel are treated as aliens, pretending to be running in restrictions which are entirely fictitious fantasies - leading to insecurities and ultimately more bugs.

Provable security is difficult enough within the computer environment - safe timing, "true" randomness and safe, tested cryptographic algorithms are difficult enough as it is.

Don't get me wrong - the security paradigm of Windows is arguably much better (at least theoretically) than Unix. It's just done very badly.

For example, having to decide if I need a Security Context, a SID, LUID, SecurityUserData, or perhaps an Access token is inane and utter bull. All these types could easily be represented as a single type, with perhaps a non-referenced user-mode handle for safety.

So, for now, I put this down on my " Top Ten Horrors of the Security World."

Officially a blog slug...

Having been through a three major surgeries in the family, kids' week off from school, a few illnesses and several impending work deadlines - I have completely neglected this poor haven of strange ideas... yup, I'm a slug...

My RSA adventures have lead to some interesting shortening of attack vectors, but nothing of true value as of yet - though I thought I had it licked at one point! Still, some great insight for me.

I've learned a LOT on approaching impossible problems - analysis saves a lot of development work, but only if you're willing to identify and gather real data. Also, you need to analyze sets, not just points on a graph. Knowing your functional, set values and computational limitations beforehand gives you an enormous edge in quickly performing tests - but you must be careful not to be boxed into your own boundaries.

For instance, here's the boundaries for all RSA factors, taken as a percentage of distance from the square root. This trend holds for all magnitudes of prime and presents a rather reduced attack space than I first anticipated. The blue line is the running minimum "center point," the green space represents all possible distances between one the real factor and the square root of the quotient, and the blue space represents all possible distances between the one real factor and the center point (p + q / 2)

In laymen's terms - this means that there's no need to go outside of this space to look for possible p factors for the quotient pq - thus reducing the attack surface. In practical terms, the distance between the square root and one of the factors is AT MOST 2.5%!!! And though the distance may increase to 10% - it is a known search space of much reduced size. Yes, that is still a large area when dealing with 300 digit numbers - but VASTLY smaller than I originally anticipated. Perhaps this is well known among mathematicians - but it was an eye opener for me!

I definitely have gained much even though I have yet to solve this beast!

A new approach to cracking RSA...

I've spent 10 years tinkering with RSA factoring algorithms. Everybody needs a hobby, eh? I've tried many, many different approaches in solving the problem more efficiently than is currently practiced.

RSA factoring is plain stupidly simply. Find two prime numbers that are the factors of one very large number.

For example,

16347336458092538484431338838650908598417836700330923121
81110852389333100104508151212118167511579

× 19008712816648221131268515739354139754718967899685154936
66638539088027103802104498957191261465571

= 31074182404900437213507500358885679300373460228427275457
20161948823206440518081504556346829671723286782437916272
83803341547107310850191954852900733772482278352574238645
4014691736602477652346609

So far I've explored Russian Peasant division, bit multiplication shortcutting, bit reversal with vector unit multiplication, and traditional sieving and plain bruteforce. A few years back I happened across a new method - but it was only reliable in some cases. The fantastic news is that it when it did work - it was incredibly fast. I was able to factor 384 bit numbers in a few minutes, rather than hours.

I've lost the code, but I finally remembered the basic algorithm. And it occurred to me that perhaps it was simply a rounding error in my path decision algorithm.

Anyway - my "project rotation" is upon me again, and hopefully this time I will finally succeed.

Life's passage in a swirling pop of time..

I really can't believe how quickly time is passing since I hit about 35 years old! The kids had dug up some old pictures and drawings from 2003... and it dawned on my how very little time I feel has passed, yet I know that it's been SIX years. I feel as though there are so many things left to do, and so I am excitedly looking forward to what comes next.

I just need to build that laboratory now!

A somewhat muted 4th...

But based on tonight, I propose that the "country consumer confidence," as gauged by the length and number of fireworks is certainly slipping. It was still a beautiful night, but people didn't drop nearly as much on fireworks. The neighbor down the road who usually drops about $1,000 on something that could be compared to a miniature Addison BoomTown - only did about half that. The folks in the town proper were nearly dark - mostly sparklers, black cats and a few small displays.

Some people spend hundreds of dollars putting on fireworks shows, some people just $10 dollars. But, nearly everybody does something... because we can, ha ha ha.

I know I only did about half as much myself - but that was mostly due to the fact that my tractor was out of commission last week and I didn't get the time to mow the area necessary for big arial displays done safely. I still did as much of the small ground stuff though.

On a brighter note - the kids had a blast tonight. Lots of smoke bombs, sparklers, roman candles, tanks... everything they love!

Oh, and I'm almost done with bunk bed #2... totally awesome, dude. Hope you had a wonderful, safe, and self-evident Fourth of July.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.--That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, --That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed.

Searching for fluid and thermal dynamics help...

I need some help from someone willing to hear an idea and bounce back real world knowledge at me.

So I have a truly wild idea for an "automotive power plant" which, in my whimsical estimation should absolutely blow conventional, modern hybrid and diesel milage away. It's also simple and elegant as well.

But my assumptions may be hideously misguided as well. I've done a cursory search in the USPTO database and found little, if any pre-existing claims for such an idea..

Anyway, if you have some basic experience in either of these fields I'd really appreciate your time. You don't need to be an automotive engineer or have formal training - just an idea of what your doing.

Drop a comment and I'll get back to ya if you're interested in my wacky adventure!

A math professor makes the convivial play...

As all of you know (of course!), this blog's namesake comes from a book by Ivan Illich, a priest and philosopher of sorts. And so in the tradition of "Deschooling Society," I present a new criticism of educare.

Really good criticism doesn't just manifest an idea - it belies an idea which imposes a mental struggle upon the reader. And so when a math professor scourges our system of education with true wit and "the ugly truth" - I just couldn't resist.

First, I present the coup de pied bas (low kick):

Sadly, our present system of mathematics education is precisely this kind of nightmare. In fact, if I had to design a mechanism for the express purpose of destroying a child’s natural curiosity and love of pattern-making, I couldn’t possibly do as good a job as is currently being done— I simply wouldn’t have the imagination to come up with the kind of senseless, soul-crushing ideas that constitute contemporary mathematics education.

Everyone knows that something is wrong. The politicians say, “we need higher standards.” The schools say, “we need more money and equipment.” Educators say one thing, and teachers say another. They are all wrong. The only people who understand what is going on are the ones most often blamed and least often heard: the students. They say, “math class is stupid and boring,” and they are right.

Obviously the man has a point. Look at math scored world-wide and the USA begins quite strongly in the Kindergarten through Fifth grades, and quickly slopes downwards from there.

I have watched my own children's fascination with mathematics shrink and wallow in misery. It's not that they don't enjoy the concepts - it's simply become a boring monotony of testing regimes on par with the infamous "Are we there yet? Are we there yet?," et cetera.

Hence, the fouetté (whip):

Why don’t we want our children to learn to do mathematics? Is it that we don’t trust them, we think it’s too hard? We seem to feel that they are capable of making arguments and coming to their own conclusions about Napoleon, why not about triangles? I think it’s simply that we as a culture don’t know what mathematics is. The impression we are given is of something very cold and highly technical, that no one could possibly understand— a self-fulfilling prophesy if there ever was one.

It would be bad enough if the culture were merely ignorant of mathematics, but what is far worse is that people actually think they do know what math is about— and are apparently under the gross misconception that mathematics is somehow useful to society! This is already a huge difference between mathematics and the other arts. Mathematics is viewed by the culture as some sort of tool for science and technology. Everyone knows that poetry and music are for pure enjoyment and for uplifting and ennobling the human spirit (hence their virtual elimination from the public school curriculum) but no, math is important.

I believe what he's saying is quite simple - we've become focused on the applications and ultimate use of mathematics. In doing so, we've actually forgotten the factor of humanity in education. Children will only quell imagination and curiosity for so long before pronouncing a subject as boring - the death knell of active learning. Rulers, books, and verbal warnings thus become the trade of education in the latter grades.

I'm not saying it doesn't work - it just works badly for most.

Finally, the crochet(hook):

If teaching is reduced to mere data transmission, if there is no sharing of excitement and wonder, if teachers themselves are passive recipients of information and not creators of new ideas, what hope is there for their students? If adding fractions is to the teacher an arbitrary set of rules, and not the outcome of a creative process and the result of aesthetic choices and desires, then of course it will feel that way to the poor students.

Teaching is not about information. It’s about having an honest intellectual relationship with your students. It requires no method, no tools, and no training. Just the ability to be real. And if you can’t be real, then you have no right to inflict yourself upon innocent children.

My own experience in math (indeed, most of my early education) exactly mirrors these conclusions. I learned math from my physics teacher (Dr. Bob Rowe), for goodness sake. He'd challenge us, he'd even allow us to explore ideas together. He had us work endless problems, but there was almost always more than one right way to do things. I stank at physics - but the fundamental idea that solutions come in variety sticks with me to this day.

I got answers so wrong, so often that had I not been so driven - I am sure that my life would have been quite different. I am not a genius by any stretch - I merely follow ideas where they lead me no matter how preposterous they may seem in search of an answer.

That said - it's certainly not a utopian world. In fact I believe all teachers are truly desirous of those moments when their pupils "get it." Certainly pupils are of all different stripes and molds - and teaching is hard work.

But I truly appreciate this man's viewpoint, and it can be done - just not everyone will do it. So if you teach, I implore you to at least let yourself struggle with these ideas. We want our children to be able to solve problems on their own - so let them.