Printable Version of Topic

Posted by: Rand Jul 20 2010, 03:17 PM

As the title says, I would like to know the page numbers of where it gives the encryption rules, such as TN and how you go about breaking it. Thanks.

Posted by: Johnny B. Good Jul 20 2010, 03:49 PM

The rules on encryption are screwy. The book redirects you like three times.

Engrypting: Make an Encryption + EW roll, hits x2 determines threshhold. You can encrypt almost anything. Nodes, subnodes, programs, access logs, databombs, icons.

Decryption: Make an extended Decrypt + EW roll, interval one IP. Once you hit the threshold, you have the decryption key.

Posted by: sabs Jul 20 2010, 04:09 PM

Basically:
Assuming you have a hacker and a sys admin.

Sys Admin
EW 5
Encryption: 8
Math SPU, encephalon 2, Hot VR, Optimised Encryption.
Dice Pool 19:
Net Hits: 5-6 (max of 19)
Threshold of 10 to 12 (potential max of 38)


Hacker:
EW: 5
Encryption: 6
Math SPU, Encephalon 2, Hot Vr, Optimised Decryption
Dice Pool: 17
Net hits: 4-6
So the roughly best encryption in the world is going to take a hacker anywhere from 2 ip, to 9 ip.
3 combat rounds at the very most, assuming some amazingly lucky encryption.
That's some crazy speedy decrypting.

And fo course the Technomancer is rolling closer to 25 dice for the test. And so he's chewing through UV encryptions in a heartbeat.

Posted by: hobgoblin Jul 20 2010, 04:15 PM

i assume the book is SR4a. the actions are described on page 229 if you want to apply the encrypt program described on page 233, or decrypt something by way of a previously acquired key.

if you have no such key, there is the initiate cryptoanalysis action on page 230, using the decrypt program on page 233 (note that if you have the key you dont need to perform this action to gain access. key can be acquired in a number of ways, with at least one involving a love troll).

there are expanded encryption rules on page 65 and 66 of unwired.

Posted by: CanRay Jul 20 2010, 04:20 PM

This also works for passcodes, voice prints, retnal scans, fingerprints, and severe psycological damage.

Posted by: hobgoblin Jul 20 2010, 04:22 PM

"i'm bubba, and i approve this message"

Posted by: Traul Jul 20 2010, 06:49 PM

Where do you get that from? I don't see any roll for encrypting, and Unwired states that the enryption rating is usually the Encrypt program rating.

Posted by: Johnny B. Good Jul 20 2010, 06:55 PM

Maybe I was wrong, I don't have my books with me. Will check when I get home.

Either way, Encryption is still really weak, unless you have an agent running a dynamic encryption.

Posted by: sabs Jul 20 2010, 07:09 PM

from the book

Which means btw, that SiN info stored on your commlink. You need 10 hits on a decrypt to get access to it. /woo/

Posted by: Traul Jul 20 2010, 07:16 PM

That's the cryptananalysis roll. It does not describe what the encryption rating is (and since they had to put it in Unwired, I am afraid this cannot be found anywhere in the core book).

Posted by: sabs Jul 20 2010, 07:19 PM

From Unwired
pg# 65

Dynamic Encryption:


Strong encryption lets you up the interval by the amount of time you spent encrypting, max 1 day.

I think it's pretty clear that the Encryption rating is = to the Rating of the Encryption program used to encrypt it.

Posted by: hobgoblin Jul 20 2010, 07:25 PM

so a agent performing dynamic encryption, one will continually add to the threshold the attacker is attempting to reach.

i could see that being popular for corps and such, if only they didnt need to spot the attacker first via matrix perception (a mechanic i am unsure how works for automated defenses. Can one spot a hackers persona while he is trying to decrypt some data traffic for instance?).

Posted by: sabs Jul 20 2010, 07:30 PM

Only if you make a non-extended matrix perception test, with the threshhold being the Stealth Program Rating.

Posted by: hobgoblin Jul 20 2010, 07:42 PM

that do still not answer my question, as the person doing the decryption would not be present in any node my persona is present in, but rather in one that the traffic between my home node (comlnk usually) and whatever i am exchanging data with passes through.

from what i can tell there are only two groups of personas i can spot, the ones that are within direct radio range with my comlink (ARO) or those that have a persona present in whatever node(s) i am currently accessing.

and given that, i would say the times one can successfully deploy dynamic encryption (or spoof, as it to relies on first using matrix perception on something that can communicate with the target of the spoof action) are more limited then one first get the impression of.

seriously, i really like the matrix rules in SR4 for its more flexible nature (and its AR), but the conditions for use on some of its more interesting abilities have apparently not been fully contemplated.

Posted by: Yerameyahu Jul 20 2010, 07:45 PM

I don't really see why you couldn't use Dynamic Encryption wherever you are. You just rotate things, you're not interacting with the decrypter.

Posted by: hobgoblin Jul 20 2010, 07:52 PM

read the requirements in unwired, its specifies that to use dynamic encryption one first need to use matrix perception successfully on the persona performing the decryption before one can initiate dynamic encryption.

Posted by: Yerameyahu Jul 20 2010, 08:00 PM

No, no, I don't mean RAW. I mean, 'how you should use it in your game if you want'.

Posted by: hobgoblin Jul 20 2010, 08:10 PM

while true, it kinda defeats the reason to discuss rules in the first place

Posted by: Yerameyahu Jul 20 2010, 08:40 PM

Psh. We constantly discuss RAW and house rules in the same threads here. I thought it was clear that I wasn't making a claim about RAW, but I'm glad someone pointed out that it wasn't. I wouldn't want to confuse anyone.

Posted by: Rand Jul 20 2010, 10:24 PM

The reason why I am asking is because I want to see if using the more complicated encryption (longer intervals) is really game breaking? As I reason it now, I don't think so. I have been trying to make the game faster at the table, but slower in-game because I think it is rediculous that response time is really un important - if they aren't there, then they won't be. You know what I mean?

Posted by: Malachi Jul 20 2010, 10:59 PM

Not quite. It's actually an Opposed Test: Computer + Analyze vs. Hacking + Stealth (SR4A p. 228).

Posted by: Yerameyahu Jul 21 2010, 01:39 AM

Well, that's why there are optional rules. SR4 intentionally has weak crypto, but you can strong it up.

Posted by: kzt Jul 21 2010, 02:39 AM

My opinion is that the way SR handles encryption is extra dumb, and it clearly shows that which ever dufus wrote and approved the crypto rules has no idea what crypto does and why it needs to be effectively unbreakable for people to do important to the game things like buy stuff with electronic money. The only area where unbreakable decryption really hoses the players is encrypted files. If every file your hacker gets has unbreakable encryption on it really sucks. But since nobody actually carries around a little book full of thousands of random 43 character keys and manually enters the key every time they want to read any file, assume that the OS decrypts the file for the user automatically if the hacker is in as the user.

If someone wants to decrypt most anything else I'd suggest any of several other approaches, like Rubber-hose cryptanalysis, black bag jobs, stealing/hacking a poorly secured comlink, etc. All of which are a lot more interesting than the hacker rolling dice until he wins.

Posted by: Rand Jul 21 2010, 04:52 PM

This is my idea:

•Harder Encryption: Increased intervals which depend upon the Encryption Rating (ER) and the decrypting System Rating (SR):
ER Interval
< Half SR 1 Combat Turn
> Half SR 1 Minute
= RS 5 Minutes
> RS 1 Hour

Posted by: Rand Jul 21 2010, 04:52 PM

This is my idea:

•Harder Encryption: Increased intervals which depend upon the Encryption Rating (ER) and the decrypting System Rating (SR):
ER Interval
< Half SR 1 Combat Turn
> Half SR 1 Minute
= RS 5 Minutes
> RS 1 Hour

Posted by: Rand Jul 21 2010, 04:52 PM

This is my idea:

Harder Encryption: Increased intervals which depend upon the Encryption Rating (ER) and the decrypting System Rating (SR):
ER vs. Interval
ER< Half SR = 1 Combat Turn
ER> Half SR = 1 Minute
ER= SR = 5 Minutes
ER> SR = 1 Hour

Conversely, the system rating could be the decrypt program rating instead. I think that might be better.

Posted by: hobgoblin Jul 21 2010, 05:19 PM

and thats different in practice from unwired's strong encryption, how exactly?

Posted by: sabs Jul 21 2010, 05:42 PM

Strong encryption says:

Time Spent Encrypting = Interval for Decrypting (Max 24 hours)

example:
I spend a day encrypting file X using a Rating 5 Encryption program. (like say SiN information)
Hacker Bob grabs the files and decides to try and decrypt it.
Hacker Bob rolls an extended test using his computer+decrypt dice pool (including cyber, bio, optimization bonuses)
Threshhold: 10
Interval: 1 day

if I spend 6 hours encrypting file Y then it becomes:
Threshhold:10
Interval: 6 hours.
The rating of the decryption program has no bearing on the threshhold or interval.

Hacker Bob has 18 dice roughly
In the first example it takes him: 2 days to decrypt the file
In the Second example it takes him: 12 hours
If he gets lucky, or spends edge, he can easily get it in one go.

Strong encryption can only be done on Files and possibly Nodes, but never on Signals.

Posted by: Yerameyahu Jul 21 2010, 05:45 PM

I might even want to tweak Strong Encryption to the defender's favor a little more. Maybe (2*Time Spent)=Decrypt Interval? Anyway, whatever is fun for your game. You can even use them together, weak and strong.

Posted by: sabs Jul 21 2010, 06:02 PM

I was thinking it's an interesting way of getting hackers into the meat, and doing more social hacking.

Most real nodes, are strong encrypted.

To hack in from the outside, first you have to break the encryption wrapper.

So, lets say you want to get into Bank of Fragal's network via their matrix portal.

1) hacking+decrypt(or computer+decrypt) against their Encryption*2 with an interval of day.
2) hacking+exploit
3) entry allowed.

Once you're in you have an account and the node is on the fly decrypting for you using the key. So unless there are sections or files that are specifically encrypted with a different key. You're all set.

Lets say you don't have two weeks to decrypt and then slow hack your way in.
You use social engineering.
1) you find a sysadmin or security spider who works from home and you obtain his commlink and direct hack it, or hold a gun to his head while he gives you his encryption keys/access tokens.
2) You get inside the building, and access the node directly.

Allow hackers do to things like:
use hardware+decrypt to build a decrypting gadget that someone just has to plug into a terminal/local commlink/nexus.
A logic+hardware to modify someone's commlink to store and send images of everything that passes through it to a secondary node.
Basically allow hackers to build little gadgets to give them the ability to get around such problems, but that require being in the meat.

Hacker infiltrates a building, and finds a nice wire/junction area to setup in. He taps some matrix fiber, the electrical grid, attaches a gadget into the elevator junction box. Attaches a gadget to the video feed. Voila, he's in. Give him a giant bonus for taking stuff over in the building, or say that the gadget lowers the threshhold or intervals. Depending.

This means that wide spread, I hack from home, is rare, and slow. Only the very best do it, and it takes them /weeks/ to get into certain places.
Shadowrunner Hackers specialize in: Overwatch, In the Meat data infiltrations, and the like.

Posted by: Yerameyahu Jul 21 2010, 06:07 PM

Ditto. Social engineering is a fun element.