Possible "fix" for SR encryption., maybe Options

[Moon-Hawk]

[kzt]

[Blog]

My GM is using the following changes.

Limit of Electronic Warefare in rolls
Threshold of Rating x3 (potentially x2+3 but i think we are sticking with 3)
Some time increase that I dont remember

Its making it harder but not impossible. I'm playing a technomancer and threading gives me a large advantage on this already.

[Faradon]

I like a lot of the thoughts in this thread...

I really like the OPs idea of the increased time per attempt... what this represents in my mind is that if they are using common / easy to break crypto (like WEP) and you've got the software / exploits to break it... poof, broken. (a good roll vs a weak encryption during combat)

Then, if they have slightly better encryption, perhaps you get it that next go-around (or just get lucky vs slightly better / unlucky vs the crappy stuff).

And it scales up from there...

This solves the problems with that stupid encryption from on the run where players aren't allowed to break the 2nd level of the encryption... and puts a reason why.

You could combine the levels together (adding difficulty to the 2nd layer from the first) and they will either hit their max amount of attempts due to their skill cap or give up due to the time involved at 1 day per attempt at that point.... either way it keeps the plot moving without having to "cheat" as a GM.

Even at the day per check though, it does show that eventually all encryption can be broken (which is very true)... you just have to put in the time / resources.

[Moon-Hawk]

Basically, however you set the intervals, with all ratings/skills equal you can expect the encryption to be broken on the 3rd roll, and broken on or before the 4th roll ~80% of the time. This is true for response/decrypt/encrypt of 1, or response/decrypt/encrypt of 7, and anything in between, as long as they're evenly matched.
I placed my 3rd roll at 1 minute and my 4th at 1 hour, but adjust these however you need to so that encryption is as breakable as you want it to be, and mismatched levels of hacker vs. encryption will make it trivial or secure, as you wish. I thought 1 minute to 1 hour was pretty good for what I perceive the feel of SR encryption was supposed to be, but YMMV.

[Blade]

If you want to be more precise, you can use different values/rules for :

- encrpyted files
- encrypted secure communication (between two devices that are configured to exchange encrypted data (with keys exchanged before the communication), for example between your commlink and your bank)
- encrypted standard communication
- encrypted nodes

Why bother with this ? Because sometimes it's more thrilling if you have to wait some minutes/hours/days before decrypting a message (and you don't have to decrypt it on the fly), because a hacker should be able to hack an encrypted message from someone to one of his friends without too much trouble but shouldn't be able to decrypt secure payment data that easily.

It might not be easy to find a streamlined way to do this, but I'll think about it.

[Moon-Hawk]

True. Also, you could use the above system (possibly with an adjusted scale) and just give constant threshold modifiers based on the type of thing encrypted.
i.e. Standard encrypted communication -1 Threshold
Files +1 Threshold
Nodes +2 Threshold

[Blade]

Yes, except that I'll give lower modifier for nodes, as node decryption should slow down the hacker. If it takes 3 days to break it, you can forget about hacking nodes on the fly (and that's no fun :( )

You could also have modifiers based on the available data :
i.e. (values are arbitrary)
* you know some elements encrypted in the files : up to +4 (depends on the amount of data you know)
* multiple files/data stream encrypted with the same encryption : +1 per file/stream
* especially short file/stream : -4
and so on...

[Moon-Hawk]

Sure.
Yeah, good point about node decryption. I was just pulling numbers out of my arse without thinking about them.

[Serbitar]

So, here is a calculation for SGM 1.0

Axioms:
- threshold for breaking encryption is 4 x rating
- logic + electronic warfare limited by decrypt is used
- hits beyond decryption are halved (round up)
- limit of skill +1 rolls for extended tests

We have the:
- (A) corporate joe hacker: Logic 4(5), electronic warfare 3, decrypt 6, cold VR: 8 dice (2.66 hits)
- (B) standard runner hacker Logic 5(7), electronic warfare 4, decrypt 6, hot VR: 13 dice (4.33 hits)
- © 1337 h4Xx0r Logic 6(9), electronic warfare 6, decrypt 6, hot VR: 17 dice (5.66 hits, 5.33 hits due to cap effects, estimated)

in addition we have the implant X, which gives you 1 extra hit per test which is not capped.

Aims:
- decrypting should be not impossible, but sometimes (when not using edge for example) fail
- decrypting traffic should take much less time than decrypting static data


acceptable times for decrypting traffic: 1-5 minutes
acceptable times for decrypting static traffic: 1-5 days

proposed intervalls (number of intervalls till next):

pass (4)
turn (5)
15 seconds (4)
minute (10)
10 minutes (6)
hour (6)
6 hours (4)
day (7)
week (4)
month (12)
year

traffic starts at "pass" - 4 tries before unacceptability
static starts at "minute" - 5 tries before unacceptability


Rating 3 encryption averages(threshold 12):

A - traffic: fails (not enough rolls) 60% of the time
B - traffic: 15 seconds
C - traffic: 3 seconds

A - static: fails (not enough rolls) 60% of the time
B - static: 1 hour
C - static: 10 minutes


Rating 5 encryption averages(threshold 20):

A - traffic: fails (not enough rolls) 99%% of the time
B - traffic: 10 minutes
C - traffic: 1 minute

A - static: fails (not enough rolls) 99%
B - static: 1 day
C - static: 6 hours


Rating 6 encryption averages (threshold 24):

A - traffic: fails (not enough rolls) 100%
B - traffic: fails (not enough rolls) 55% of the time
C - traffic: 1 minute (45% 10 minutes)

A - static: fails (not enough rolls)
B - static: fails (not enough rolls) 55% of the time
C - static: 6 hours (45% 1 day)


With implant X:

Rating 5 encryption averages (threshold 20):

A - traffic: fails (not enough rolls) 80%% of the time
B - traffic: 1 minute
C - traffic: 15 seconds

A - static: fails (not enough rolls) 80%
B - static: 6 hours
C - static: 1 hour


Rating 6 encryption averages (threshold 24):

A - traffic: fails (not enough rolls) 99% of the time
B - traffic: 1 minute (45% 10 minutes)
C - traffic: 1 minute

A - static: fails (not enough rolls) 99% of the time
B - static: 6 hours (45% 1 day)
C - static: 6 hours


Comments, Ideas?

[Blade]

How do you consider node encryption ? I guess it's traffic (hacking on the fly wouldn't be possible otherwise).

I think that it's a bit to hard to decrypt. Corporate Joe Hacker should be able to decrypt average encryption (rating 3) more easily and should be able to break rating 5 encryption (even if it's harder)... Someone with 8 dices is quite skilled. Maybe encryption rating * 3 threshold would be better.

I'd also consider adding threshold modifiers as I proposed in this topic.

Apart from that, I like it.

[Serbitar]

in my SGM I rule: Nodes can not be encrypted, only data can be encrypted.

Furthermore: if you let Joe Corporatehacker hack Rating 5, then we are back to RAW where everything is easily hackable.

[Blade]

Too bad, I like the idea of encryptable nodes that slow down the hacker.

I just want to let Joe Corporate Hacker have a chance at hacking rating 5 encryption (even if it's just 25%)... But that could be done, if Joe goes for HotSim and if you add some of the modifiers I talked about...

[Serbitar]

I dont think that hacking is too fast. Its more the opposite.