Possible "fix" for SR encryption., maybe Options

[Moon-Hawk]

A lot of people are upset that encyption in SR is either trivially easy to crack, or the GM just declares that it's impossible, and there's basically nothing in between.
I suggest a slight deviation from the basic mechanic, and the streamlined system.
Are you ready:
An extended test with a variable interval. The first test takes 1 action. The second roll takes 1 turn. The third roll 1 minute. The fourth roll takes 1 hour. The fifth takes 1 day. And so on.

Now admittedly, the core mechanic does not allow varying the interval on an extended test, but I think it's a pretty minor change.
Is this a decent fix? Terrible idea?
I'd like some help figuring out how many steps there should be; how fast the intervals should increase. If they increase too quickly it'll take too long to break encryption, making the game too realistic and thus not fun. If they increase too slowly, then it only slows the problem down slightly but any punk can still break super-encryption in a short time.
Um, help? Thanks!

[BlueRondo]

I have no idea how well it will work, but it's certainly not too complicated/doesn't deviate from the core mechanic too much. So I like it in that sense.

[blakkie]

That's an interesting way to approach it, and it has it's merits.

But I'm going to have to reiterate, one more time ;), my disagreement with 'a lot of people'. The answer is right there in the book. Limit the Extended Test rolls to 4 (or 3 if you want to tip it somewhat in favour of Encryption rather than Decryption) and you get a good spread of results of crackable/beyond your ability.

[djinni]

the problem with that is the encrytpion system in SR4 is SUPPOSED to be insanely easy to crack.

[kzt]

Given how awful most people's selection of encryption keys/passwords that's not unreasonable as a general idea. Essentially you'd start with a fairly huge set of commonly used passphrases and variations on them and see if there is a match. That takes a fairly trivial amount of time if you understand the systems encryption.

Then you run a much larger set against it and see if it works, which takes some time. Then you get into brute force, which can take a very sort time or off into roughly infinity depending on how effective the keys are.

So you can typically expect to break into the average home router in a matter of a minute or less and you can expect to spend until the heat death of the universe trying to break the system used for controlling nuclear weapons. Unless you go and steal the keys, that is. This allows you to trust that an signed encrypted email from your fixer probably from who it says or from someone who has stolen his keys, not from Joe Random who cracked and forged messages to amuse himself.

The key to make this work in that game would be to make the encryption setting reflect not the program used to encrypt but the amount of care used in selecting, managing and changing keys. Effectively managing encryption is a lot of effort and in a significant sized organization doing it well is very expensive.

You'd probably need to play with the the way successes are generated by decryption vs encryption levels such that it produces an interesting set of effects, which I'm not sure they would do right now.

[Moon-Hawk]

[blakkie]

[Moon-Hawk]

With the schedule I have laid out in the first post, it means a super-great hacker with awesome programs will beat the best encryption in about a minute, or an hour at least 80% of the time, without using edge.
Someone with ratings of 3 in everything relevant would usually run up against the extended test limit and never make it, if you're using them, or very likely take at least a month if you're letting them roll as many times as they want, but could typically make it past rating 3 encryption in the 1 minute to 1 hour range as well. Again, without edge.

Hmmm, I don't know. I know encryption is supposed to be weak in SR4, but I wish it could be a problem, instead of an annoying speed bump that tends to feel like an unneccessary roll that just wastes time.

[Blade]

But do you consider that each data is encrypted with the same encryption ?

For example, I'm communicating with my teammate through an encrypted channel. A hacker is trying to decrypt our messages.
I speak for 3 seconds. The hacker gets the data, and spends 3 seconds decrypting it. My teammate answers. Is it the same encryption method ?
If it's not, the hacker will be able to decrypt each message, with some latency between the message and his getting it.

For verbal communications, it isn't that much of a problem. But it becomes more interesting when interacting with drones. If you can't decrypt the signal quickly enough, you won't be able to alter it (rules state that you have to decrypt the signal before being able to do anything on it).

Encryption isn't exactly supposed to be weak. It's supposed to add some exciting elements. The hacker has to be able to decrypt some communications while not being able to decrypt something very important too quickly. It should also be possible that the hacker ends up being unable to decrypt a very important communication. Problem is, you have to find a rule that covers all these events without making it look like "GM doesn't want the code to be broken".

[Moon-Hawk]

Well in order to change the encryption we'd have to broadcast the codes, which would defeat the purpose. So yeah, I'd assume successive commands are all using the same encryption, same as now.
Now, if you run into a team on one day and sample their communication and break it, then find them again the next day, it might not be the same anymore.

[djinni]

[Blade]

But you can have a series of codes, defined prior to the encryption (a bit like one-time pads). This way, when you register to your online store, you are asked to connect through a secure connection (ie. a cable connecting directly to a terminal in a physical store) and your commlink exchanges encryption keys with the store node.

Then, each time you purchase something on an online store, you use different keys fo each data packet. When you arrive at the end of the list, you are asked to register once again through a secure connection to ensure maximum security.

If you apply this idea to team/drone communication, you can end up with a system that forces hacker to spend more time decrypting the signal (basically waiting for the same key to be used several times to have enough material to perform decryption).

The problem is that, due to the absence of storage limit, nothing prevents user from having insanely long key list to prevent the same key being used twice and that may lead to undecryptable systems...

[Rotbart van Dain...]

[ShadowDragon8685]

You could always use the cheezeezee way of encryption outlined in On the Run...

Use 30-year-old double-encryption technology. Find someone who sells 30-year-old communication cyber. Double-encrypt it such that if you remove one layer through a brute-force attack, the other is rendered so meaningless that not even the original code will decrypt it....

Yeah, it's bullsh, but I figure if the DM can do it, so can the players. :)

[kzt]

[eidolon]

[kzt]

[blakkie]

[eidolon]

[Serbitar]

I like the approach.
Though the numbers could be tweaked . . .

But it is also very practical to do the following:

- threshold to crack encryption is 4xrating
- interval for streamed data is 1 minute
- interval for persistent data is 1 hour (or 1 day if you like)
- limited to "electronic warfare skill +1 (or decryption program rating +1)" rolls

Does the job quite well.

Ther general problem every optional decryption rule in SR4 has: its response+decryption, so you could always just just 10 comlinks . . . So I would make it electronic warfare + decryption or even logic + electronic warfare limited by decryption.
Maybe unrealistic, but does the job.

[OneTrikPony]

Moon-Hawk

[RunnerPaul]

[hobgoblin]

thats because big mama corp do not have a TM on life support hooked up to their networks, running hash sprites on every bit of data available...

[Garrowolf]

Okay I have a few ideas to throw in here.

First off lets start with decryption tests being threshold tests vs the encryption level + other difficulties. Not an extended test. You could make a test every interval but it is success or failure. That way it will not necessarily always be solved.

Other difficulties could be making the correct assumption on what language is being used. If you tell a computer that you are decrypting Japanese but really it is Swidish then it will make things more difficult.

You could increase it based on being encrypted multiple times and such. It could be more difficult if it has a changing key, etc.

Now the threshold that you end up generating could determine the interval for tests.

Finally you can make it where a decrypt must be equal to or higher level then the encrypt to do it in a combat time scale. Other wise it goes much higher in the time scale based on that difference.

Basically think in terms of that movie Sneakers about a math formula that allows you to break high level encryption because of the laws of math. Add in the program noticing which encryption program was used and exploiting known patterns that it uses.

Then the roll would be versus this threshold and not against any kind of successes from an encryption roll.

[Ryu]

Consider this:
-breaking signal encryption is a single test with threshold=rating (1 complex action)
-breaking data encryption is also a single test, but has an interval based on password type and parts of the needed code


Advantage:
-easy
-enables using the search for parts of a passcode (ie images) as plot device
-gives different types of passcode meaning


Which interval times would be good? High-end passcodes should take a few weeks if no extra help is present.