his biggest problem with franktrollman's rules have nothing to do with encryption. over and over and over, it has been pointed out that frank went to all kinds of trouble to introduce realistic (and unbreakable) encryption, but then went ahead and introduced the ability to modify electrical devices using RF waves from a distance of line of sight, including turning them on. i haven't noticed anyone objecting to the realistic nature of unbreakable encryption being accurate, can you point out where anyone has actually said they found frank's rules for encryption to be innacurate?

The subtle point is Frank is talking about the actually, really, truly, absolutely unbreakable OTP. It's not "unbreakable before the sun eats earth like a delicious sweetmeat", OTPs cannot be broken with anything less than a full blown oracle. That's the problem with Malachi's argument. Faster decryption can't help when something can't be broken through cryptanalysis.

When I point out that Malachi's argument is not sound he proceeds to launch into a tirade about how OTPs are not currently broken. Which is just wrong. Like I've mentioned millions of times. I'd even linked him to the Wikipedia article before he started that line of argument. When people appear to say "dude, it's just a game" they're wrong because Malachi started arguing about Mathematics when he started saying that OTPs are even theoretically breakable.

Mathematical theorems are proven wrong by technology everyday. Not that the guy who wrote the proof got it wrong, but the guy who read it forgot some hypotheses and tried to apply it where he shouldn't have. There are plenty of exploit examples in the wikipedia link you just gave:

- OTP is safe for random pads. If you're using a pseudo-random generator instead, nothing guarantees that the generator itself cannot be cracked, thus granting the attacker knowledge of your future pads.
- OTP is not a full protocol. Putting a OTP in a system does not magically make the whole system secure. Actually, it's pretty much the opposite. You need at least 1 other safe algorithm for OTP to work, because the pad itself will have to be sent at some point (for that matter, let's consider tattooing the pad on a slave's skull an algorithm (IMG:style_emoticons/default/grinbig.gif) ). This is the main reason for OTP not being used for digital cryptography, not the cost. As long as the pad and the data are transmitted through the same channel, the gain is null. Now you'll probably answer with quantic safe pad generation, but then we leave the comfortable world of mathematical certitudes to enter physics where a model is only valid until further experience proves it incomplete. What tells you quantum cryptography will still be safe in 2070?

I will bite...

Just because information is free and on the internet (Wikipedia or otherwise) does not make the information factual... I too do research, and enjoy it immensly, however, I do not automatically assume that the information found on the Internet is reliable and accurate without cross referencing over many sources... Because of this, i tend to take related links with a grain of salt until I have researched their veracity, as I am sure that you do... Many people do not get off on this type of research and so do not pursue it... It is not that big of a deal... and even so, they sometimes do have arguable points that I would consider...

Secondly... Frank's ideas are not, in my opinion, nor apparently in a lot of other's opinion, Canon Rules for the Sahdowrun environment... they are Personal Hacks/Houserules that he enjoys for his own edification... No reason to get all bent out of shape (on either side) because they have no relevance to the RAW of Shadowrun... They are personal preference... Everyone has their own preferences, some of which make a lot of sense, and some which do not... Your Mileage may vary, of course...

Hope that I don't upset you with this viewpoint, but there it is...

My 2 (IMG:style_emoticons/default/nuyen.gif)

Unbreakable Encryption would destroy a valuable part of the world of Shadowrun... It has no place in the environment... If you want stronger encryption schemes, use the optional rules in Unwired and relegate the Hacker to a nonentity status... Yeah, that would be a lot of fun, wouldn't it?

Okay, lets just get this out there. Well implemented one time pads are unbreakable.

As for pad transmission - storage is free in SR. You can just give someone a stupidly huge pad physically and they can make voice calls to you for a hundred years.

Again, Why Bother?... It is Not supported by the system... ALL Encryption can be broken per the SR4 Rules... It is just a matter of a few seconds work...

Just rolling some dice is boring. When you actually have to think the game becomes interesting. Let's face it - Encryption is really just a pointless delay (more rolling between me and getting to actually do stuff), or it nukes all chance of doing anything if you forgot to buy the program and can't afford to buy it now. It doesn't actually add anything to the game. Why do we have it at all?

Some of us look at a challenge and say "I have a better idea". Since Encryption is basically just a cost-to-attack increase it just incentivises finding a better way to attack the organisation. The cost of unbreakable encryption over breakable encryption is, I think, smaller than the cost of having encryption represented in the game at all over having none. At least according to your argument.

A hacker that doesn't use social engineering to attack the target is being lazy.



So refer to Everything2 and Google. I also know a cypherpunk, who schooled me in the arts of basic crypto. OTPs are Mathematical fact. You can also check the history of edits (and what the article looked like before and after) on Wikipedia, so you can see how controversial a topic is (controversial topics tend to be more unreliable). Mathematical and Scientific topics on Wikipedia tend to be very reliable because there's no room for controversy when something is emprically observable or just factually correct.

I'm not even sure why Malachi brought up Frank's rules. Except that he might have remembered that I happen to like Frank's rules, partially for their willingness to delve into real world topics and how they affect game worlds, and partially because I happen to like how Frank is willing to be honest about why he made some of the choices he did.


Did you not see the bit where I explained that Malachi stopped arguing about SR4 the moment he claimed that well implemented OTPs were theoretically breakable? That's the domain of Information Theory, Cryptography, Mathematics. If I said that bits of flying metal were not inimical to human life you'd tell me war stories about friends who'd gotten shot and died. How is it different when it's Information Theory instead of bullets? Why this double standard?


In SR4 land the world seems to forget that OTPs exist, and I am willing to hammer the I Believe button. My original post introduced a better way of handling cracking encryption that removes some of the abuses without wall-banger rules.


Also,
Malachi's point might have been aimed at Frank's EUE. In which case he's still wrong. With an increase in processor speed you can begin using more computationally intensive algorithms with horrendous keysizes and just as much work goes into building a better mousetrap when the old one is broken (or even slightly tarnished) as goes into breaking the old mousetrap. EUE won't stay still, it'll be just as annoying to break tomorrow as today. Possibly harder since they'll have had more experience and there's serious signs that progress is accelerating. It generally takes more effort to produce a good crypto attack.

It wasn't a decade ago that we were using DES as a high security algorithm. The advance in processing technology hasn't made Encryption any weaker to cryptanalysis. In fact, they're generally getting more resistant and I can see that trend continue.

Yes, things we prove factually now will never be disproved. Because we got the maths and science down pat this time. Because yeah like 60 years in a Science Fiction future they totally could never figure shit out that we thought was impossible. Malachi's point wasn't that in real life it would or should be breakable in the future, but that sometimes people invent shit and figure things out we never thought of and while its not a would its a could be possible, especially in a Fantasy game future. .

I agree with this... there are always ways to obtain access without having to go the route of decryption... Sometimes though, it is the easiest route... Remember, Encryption is just a speed bump in the hackers path... that is all it was meant to be in the game...




I would also tell you stories where I have seen people shot to hamburger that have survived... it is all relative...



I am not arguing the reality of OTP Encryption... just that it does not need a place in SR4 for the hacking rules to be playable... I think that they are imminently playable as they are, and have been using the MAtrix RAW since SR4 game came out... I (nor our group) have had any problems with the RAW...

Just my Opinion though, as I know that not everyone agrees...

Up to what the GM deems reasonable.

What were we saying before? (IMG:style_emoticons/default/rotate.gif)

Anyway, as long as the pads are exchanged physically, the system cannot be deployed for public use and will be reserved for high security areas. This is exactly what Dramatic Encryption stands for.

Another reason for OTP rarity could be the price of pad generating. Pads are huge, thus any long term dependency in the random generator that would not be a problem under normal conditions might flaw the pads. One might have to resort to high class hardware generators.

Last I checked we're playing a game about people who go violate high security areas for money. That's what being a 'shadowrunner' is about right. Just getting us on the same page here.

Talking about people outside of high security areas or security conscious professions is functionally the same as talking about people who don't exist for all it matters.

There is high security and HIGH security. According to OTP's Wikipedia page, one of the most recent uses of OTP was to secure the red phone. I don't know exactly what would be the equivalent to that in 2070, let's say the communications to Zürich Orbital. Do shadowrunners really get to infiltrate that kind of security on a regular basis?

Not casually anyway... Not if I want to keep my gray matter inside of my skull...

Alright, we have to break this down into game terms:

No security:
- A guy talking to another guy over the phone.
Low security:
- Day to day encryption of the general public
Medium security:
- Small business company records of non-incriminating nature
High security:
- Triple A corp personnel records
Super high security:
- AAA R&D papers
Unbreakable security:
- Zurich Space Station

In general runners will be dealing with medium to super high security, depending on the job and their experience. The game needs to function within these bounds while allowing for higher and lower options.

As written there are three effective levels:

None, Low, and Unbreakable.

The guy on the street who wishes to keep his personal dark secrets a secret from his ex-wife can go out and buy
Encrypt Rating 6. A tad pricy at 6000 (IMG:style_emoticons/default/nuyen.gif) , but he can do it.

What do Triple A corps have access to? At best Rating 9, by RAW. You'd think that'd push it up towards Super High security, but it doesn't. It gives us "Medium," any PC hacker with Rating 4 Decrypt can crack rating 9 Encrypt given a few minutes. If he only has Rating 1 Decrypt, it takes him a half hour, tops.

What it is that makes a half hour deadly? Black IC, unfriendly hackers, cybercombat.

Which makes the system devolve into a series of sub-systems derailing the game at the table into a four hour session as the PC has to repeatedly fight off ice and other threats.

This isn't good.

maybe you should read the second half of the quoted sentence: he has problems that frank spent so much time going on about how realistically encryption should be unbreakable, (notice the lack of a period or other punctuation denoting a new, separate idea. given the lack of any such punctuation, logically we should assume that the following is not just something he randomly said, but is rather related in some way) and then went ahead and introduced a rules system that assumes you can control devices through RF, regardless of whether they are wireless-enabled or not, turned on or off, and even regardless of whether or not they run on electricity. ie, he went to all the effort of hammering on unrealism in encryption, and then proceeded to introduce rules that require far more suspension of disbelief than poorly modeled cryptography will cause for most people.

unless of course you're suggesting that current theories show it's easy to turn on a computer with your cellphone from 100 meters away when that computer is not even attached to a power supply and has no wireless capabilities whatsoever. in which case, i would encourage you to check your sources.

Part of his point is that it's very easy to accept 1 new fact if everything is consistent with that. He adds electron teleportation with a range of LOS to the game if using biomechanical computers, and everything flows from that.

The problem with changing something that that actually exists is that 'we all know how it works.'

Note that he explicitly rules out RF as the transmission medium for high density signal and say it's something new made of handwavium.

However, really it boils down to a lack of internal consistency is the main problem with the matrix rules - and it applies for encryption. If encryption doesn't work, the system doesn't work. If it does work, why are PCs and 90% of people issued with the non functional version?

I had no idea what you liked or didn't like. Me bringing it up had nothing to do with you.


My point is: I find it.... difficult that Frank's rules give hackers an almost magical control over technology (affecting it while it is off, or manipulating it on the molecular/quantum level via EM waves) and yet the rules are so grounded on current technology thinking about the speed with which Encryption can be broken today. If sci-fi level technology is to be believed for game mechanics reasons on one aspect of a game, it seems odd to completely dismiss a game-mechanic favourable result in another area.

We used to KNOW that you couldn't sail around the world. It was widely accepted fact.
We used to KNOW that you couldn't break the sound barrier.
We used to KNOW that there were nothing smaller than electrons.

Each of these were factually correct in their time, with the knowledge we had at our fingers. Even theories didn't break the "facts." Eventually, time has proven each wrong. Right now, there is unbreakable encryption via OTP's. Every theory we have shows that to be factually true. Regardless of that, 60 years and we may have multi-level quantum computing able to determine every possible PAD for the item in question, measure the entropy involved, use it's own random generators or something, and determine most likely possible keys to try, thus allowing the breaking of the encryption.

Is it far-fetched? Sure. Plausible? Barely. Does it matter one little bit? Not in the least. Why keep arguing about it?

We also know that 2 + 2 is 4 and has always been true, it's a mathematical fact.

We're not going to discover in 60 years that 2 + 2 is 5 all of a sudden.

Regarding the OP... Wouldn't the easiest solution be to just not have the NPCs do the reconnects? It sounds more expensive or more complicated than not reconnecting, therefore just assume that the corp won't spring for it. Maybe the people communicating don't understand that cycling re-connections is safer. There could be a world of difference between what the mechanical rules for a setting are, and what an NPC believes.


As for the whole OTP arm waving stuff. Saying something is *impossible* is a really good way to make yourself look stupid eventually. I'm pretty sure that dividing by zero is impossible by definition. Yet then you've got that troublesome calculus stuff which lets you do exactly that.

Just like I'm sure that someone 60 years ago would have told you that something like CDMA was crazy talk.

No, because they have to communicate using a channel you have already decrypted. Once you do that you can simply grab the OTAR packets and rekey yourself.

To reset you have to use an out-of-band communications to rekey.

calculus doesn't let you divide by 0. it lets you figure out as you progressively get closer and closer to 0 (but never quite reaching it) what number you're getting closer and closer to (but never quite reaching)

If I have two numbers, A and B and I add them together and tell you the result, C, knowing nothing else it is impossible to derive A and B.

Try it.

C is 112

Hint: there are more than 112 solutions.

Each of these is a childish misrepresentation of knowledge at the time.

No one used to be willing to risk their lives on an attempt to sail around the world, when regular sailing was dangerous enough, and there was no money in it.

Breaking the sound barrier with propeller driven aircraft does appear to be almost impossible, but at the time the Bell X-1 was being developed, bullets had been going faster than sound for around 100 years.

"Electrons appear to be elementary particles." is a considerably different statement.