My Assistant
Site Message
(Message will auto close in 2 seconds)
  |
 Wireless, ok why? |
 Jan 30 2006, 06:18 PM
Post
#26
|
|||
|
Great Dragon  Group: Members Posts: 5,486 Joined: 17-March 05 From: Michigan Member No.: 7,180  |
Especially since someone with hacking 1 and decrypt 2 can do it fairly reliably within an hour. (Ignoring his odds and the results of glitching for the moment) |
||
 |
 
|
||
|
Jan 30 2006, 06:18 PM
Post
#27
|
|
|
Running Target Group: Members Posts: 1,150 Joined: 19-December 05 From: Rhein-Ruhr Megaplex Member No.: 8,081 |
Could be ;).
But i stand to my last statement (the one referring to Shadowrun :D). |
|
|
|
|
Jan 30 2006, 06:24 PM
Post
#28
|
|||
|
Moving Target Group: Members Posts: 909 Joined: 26-August 05 From: Louisville, KY (Well, Memphis, IN technically but you won't know where that is.) Member No.: 7,626 |
Well, first off you should have all your gear equipped with skinlink. This is technically "wireless" in that there are no wires but your body acts as the connector so it is still a hardlink. 'Runners, and really anyone who can afford it, should run encryption on all devices. Now the 'when to use wireless' is really a matter of EMCON - emissions control. When do you want to be stealth? Sometimes stealth is bad, like when walking around a high-security corp enclave where you need to broadcast your SIN (see the hacking example in SR4). There you want to blend in and have the normal RF traffic around you. Other times, like deep in the heart of a black op, you want all your radios turned off. It all turns into a risk assessment. Is the risk of discovery counterbalanced by the advantages of slugging your video feed to the rest of your team? How much do you want that fire-support drone on the mission? If things just went pear-shaped will you make things better or worse by notifying the rest of the team? There are Joe-Average advantages to wireless gear. Service and maintenance logs can be transferred automatically. Software updates should be done on the fly. And perhaps most importantly, if you spot a hot girl in the club you can zap her image over to your pals. |
||
|
|
|
||
|
Jan 30 2006, 06:25 PM
Post
#29
|
|||
|
Target Group: Members Posts: 55 Joined: 7-October 02 From: A figment of you imagination Member No.: 3,423 |
Of course the key is stored in the item and the commlink. But why are you running with your commlink open to connections? And moreover the hacking the commlink is going to be just as hard. Well, that depends, if you use the rules it's going to be silly easy. If you went with reality it's going to be nigh impossible. Given properly written and properly set up software (not windows) a computer can be made almost unhackable. All hacking attempts on current computers (at least on unix machines) exploit bugs in the software most of these bugs are fixed within days if not hours of being found. For a significant tradeoff in performance most of these attempts can be caught by software running on the targeted machine, while this tradeoff (basically running the software in a virtual machine doing heavy security checks) is too expensive for modern day internet servers I wouldn't be surprised to see a security conscious street sam doing so on his commlink, after all he's not going to need the processing power, and having a setup that closes all connection to the outside as soon as an intrusion attempt is detected (by the virtual machine). Moreover something like a smart gun smartlink pair has no need to be connected to your commlink, after an initial manual pairing (punch a key into the gun and into the smartlink) the pair can be completely autonomous. Also there is no reason for any of the keys for each pair to be the same or for them to stay the same for any length of time over a few seconds. In the post above I forgot to mention the massive bandwidth needed to transmit 10^10 256bit keys every second, something like 2^38 bits/second (just shy of a Tb/s) |
||
|
|
|
||
|
Jan 30 2006, 06:30 PM
Post
#30
|
|
|
Moving Target Group: Members Posts: 371 Joined: 10-January 06 From: Regina Member No.: 8,145 |
Ok then, in your games computers are unhackable. Rip out the Hacker archetype and most of the Wireless World section of your rulebook and move on. Simple solution.
|
|
|
|
|
Jan 30 2006, 06:39 PM
Post
#31
|
|||
|
Target Group: Members Posts: 55 Joined: 7-October 02 From: A figment of you imagination Member No.: 3,423 |
It dosen't matter how much faster optical processors are. Every time I add another bit to the key I double the work you need to do to decrypt it. So what if optical processors are a few millions times faster, if you look to my post above you'll see how much difference going from 10^10 to 10^20 attempts (a 10 billion fold increase in processing power). For all practical purposes the difference it's nil. RSA keys are products of prime numbers. A secret key algorithm can take any of the 2^n (where n is the length of the key in bits) possible keys. It's also quite possible that different keys will encrypt different messages to the same encrypted message adding all kinds of fun to bruteforcing attempts. If P proved to be equal to NP that would bring all kinds of fun, I agree. Finally, yes I know it's a game. Play however you wish, my posts here have 4 purposes: 1) Point out that it's perfectly resonable for GMs to be a lot harsher on the hacking rules 2) Clear up misconceptions about real life encryption as opposed to the game encryption, it really annoys me as a computer scientist to see people carry them on 3) Make you aware that a following those rules are lot more far fetched than the magic ones 4) Bore you to death |
||
|
|
|
||
|
Jan 30 2006, 06:41 PM
Post
#32
|
|||||
|
Moving Target Group: Members Posts: 530 Joined: 11-June 05 Member No.: 7,441 |
There's the rub. The problem is writing "properly written" software. That's easier said than done.
... and that software will have its own set of flaws... The main key here is that you should remember that the sheer capacity c. 2070. Software is like a gas; it expands to fit the container holding it. If we can assume unlimited capacity, we should assume slightly less unlimited software size. There's just going to be so much room for bugs that any given system will likely have thousands of possible exploitable flaws, at least one combination of which will give the desired privilege level. I still say we should just define P=NP for terms of SR4 and leave it at that. |
||||
|
|
|
||||
|
Jan 30 2006, 06:45 PM
Post
#33
|
|
|
Target Group: Members Posts: 55 Joined: 7-October 02 From: A figment of you imagination Member No.: 3,423 |
While the random software you install can be buggy and untestable due to sheer size, a basic virtual machine for security checking is not, hell a java virtual machine almost fits the bill already. Also such software can be specified formally and be proved correct at the conceptual level, leaving only very minor errors. The same thing can be done for firewalls and all the other safety critical software.
And if you are running random s**t on your implanted commlink with open wireless connections during a run, you deserve to be hacked |
|
|
|
|
Jan 30 2006, 06:51 PM
Post
#34
|
|||||
|
Moving Target Group: Members Posts: 530 Joined: 11-June 05 Member No.: 7,441 |
Assuming that the face of software 2070 is the same as it is today. How do you know that a basic virtual machine looks the same tomorrow as today? You're talking 60 years of change; the hardware it's based on probably doesn't even use the same *physics*; it may not even use the same algebras and mathematical concepts. You're making rather strong assumptions when you say that. (And fwiw, JVM is not really the best example of such a beast, given the problems it's had in the past)
Depends on the size of the software. Proving a software design any more complex than trivial to be "correct" rapidly becomes intractable to a human. And while you can prove the design is correct, the implementation can go wrong any number of ways. I can see an AI getting this right (since they seem to be free of such fundamental problems as the halting problem), but any computational device less than an AI, no way. Humans are out also, since they just won't have the processing ability. |
||||
|
|
|
||||
|
Jan 30 2006, 06:58 PM
Post
#35
|
|||
|
Running Target Group: Members Posts: 1,150 Joined: 19-December 05 From: Rhein-Ruhr Megaplex Member No.: 8,081 |
I discussed this with my peers a few week back (incidentally all students of computer science). We came, of course, to the one-time-pad solution. We could build an unbreakable intranet between us, provided enough storage for the key (which, for practical purposes in SR, is a given). The weak point would be interfacing with other nodes, so we would disallow this (so there is no possibility anyone can access the key stored on the commlink). |
||
|
|
|
||
|
Jan 30 2006, 07:03 PM
Post
#36
|
|
|
Target Group: Members Posts: 55 Joined: 7-October 02 From: A figment of you imagination Member No.: 3,423 |
You can do quite a bit of proving on small modules such as let's say the first few layers of a network driver stack. And then testing and more testing and more and more...
I wasn't suggesting using the JVM, but saying that software like the JVM would do the job of providing a virtual machine with strong security checking. While the hardware in 2070 is very different from todays I doudt the thory of computation will have changed much. Turing and Church both developed a theory of computation before having hardware to work on purely on a mathematical basis. As long as computers are computationally equivalent to turing machines I don't see why a virtual machine (which is nothing more than an interpreter for a "programming" language) shoudl change much |
|
|
|
|
Jan 30 2006, 07:16 PM
Post
#37
|
|
|
Moving Target Group: Members Posts: 371 Joined: 10-January 06 From: Regina Member No.: 8,145 |
Okay, let's "pretend" for a minute that someone sometime between now and 2050 came up with a "super decryption algorithm". Basically, some brilliant mathematician came up with a way to break encryption (any kind) much *much* faster than previously thought possibly. So, basically, encryption just slows somebody down now, instead of being an ultimate defense.
After this discovery, computer security became more about countering intruders after they have gotten in, then preventing the break-in altogether. If that isn't any further beyond the realm of possibility than magic and megacorporations are, then you should be able to rationalize Shadowrun. Every see the movie Sneakers? That's basically the premise of the movie. |
|
|
|
 Jan 30 2006, 07:20 PM
Post
#38
|
|
|
Shooting Target Group: Members Posts: 1,635 Joined: 27-November 05 Member No.: 8,006 |
Or let us pretend that encryption is still often implemented and used by people that don't fully understand what they are doing, and that software still gets written and sold with flaws in it.
|
|
|
|
|
Jan 30 2006, 07:30 PM
Post
#39
|
|||
|
Running Target Group: Members Posts: 1,150 Joined: 19-December 05 From: Rhein-Ruhr Megaplex Member No.: 8,081 |
I second that ;). |
||
|
|
|
||
|
Jan 30 2006, 08:15 PM
Post
#40
|
|
|
Runner Group: Members Posts: 2,556 Joined: 26-February 02 From: Seattle Member No.: 98 |
It seems to me that the easiest way to secure your PAN would be to have two of them.
On your "public" PAN, you run a commlink in your mode of choice, usually the one that's appropriate to the environment you're in. This is where you have your ID, some money on a cred account, your public profile... all the stuff people expect to see on a PAN. You could even subscribe some of the basic devices to it... your music player in your jacket, the "flare comp" in your adjustible sunglasses, that kind of thing. Dummies would even be an option... the controls for your smartlink, for example, except they don't actually do anything except trigger an alert when they're fooled with. On your "private" PAN, you've got an ENTIRELY SEPERATE COMMLINK ghosting as hard as it can. You subscribe your important equipment to it, the stuff you don't want hacked. You define the "security sheaf" for it (it's response, as a host, to a detected hacking attempt) to be an alert to you, the user, and possibly rebooting. You define the services it can connect to manually (your gear, the other members of your team, etc), and only open it to the "outside" world by physically plugging it into the "public" commlink. This way, you've got a PAN all ready to go for when a hacker takes a poke at you, you scan as John Q Public in the burboclaves, and it's one more thing that is going to burn a hacker's time before he even thinks to *look* for a second PAN. |
|
|
|
|
Jan 30 2006, 09:34 PM
Post
#41
|
|
|
Moving Target Group: Members Posts: 909 Joined: 26-August 05 From: Louisville, KY (Well, Memphis, IN technically but you won't know where that is.) Member No.: 7,626 |
....aaaand if you'll search the archives you'll see this is a standing assumption.
Good job grasshopper, you've just graduated to "functional paranoid." You are now ready to run the streets with the basic tools required to blend with the masses while still keeping your secrets. Be sure to pick up your RFID tag eraser with your diploma. If you're smart enough to erase the RFID tag on the diploma you get your Master's Degree. If you borrow a buddy's tag eraser to erase any tags on your eraser get the Ph.D. |
|
|
|
|
Jan 30 2006, 09:41 PM
Post
#42
|
|||
|
Shooting Target Group: Members Posts: 1,651 Joined: 23-September 05 From: Marietta, GA Member No.: 7,773 |
Pfft, old hat. Two commlinks, two tag erasers (to erase each other's RFIDs). While school's in session, here's a safety tip: Don't put thermographic in your eyes or contact lenses and then put your smartlink in your glasses... Unless you actually want to see what the inside of your glasses look like to thermo. Same goes for ultrasound. |
||
|
|
|
||
|
Jan 30 2006, 10:10 PM
Post
#43
|
|||
|
panda! Group: Members Posts: 10,331 Joined: 8-March 02 From: north of central europe Member No.: 2,242 |
plus ca change, remember? |
||
|
|
|
||
|
Jan 30 2006, 11:06 PM
Post
#44
|
|||||||||||||
|
Moving Target Group: Members Posts: 530 Joined: 11-June 05 Member No.: 7,441 |
Yeah, well, like I said -- it rapidly becomes intractable as you diverge from trivial.
I'm sure you know that testing doesn't prove anything when it comes to security. You can test it a million different ways, or a million million different ways, and there's still the possibility of that one outlier that never got tested because it was one in a million million million. If that outlier exists, you can be sure someone with malfeasance in mind will find it in short order.
I understood what you meant. My point was, the JVM is basically designed to provide the same functionality you are describing and it has had quite a few exploitable security holes.
Something non-trivial must have changed to be cracking top-shelf encryption in a matter of minutes.
I see no reason, given the rules on computing in SR4, why SR4 computers are computationally equivalent to Turing machines. Other than "that's the way it's always been done", do you see any reason? If anything, given the behavior of the rules, some fundamental and revolutionary change is *implied*, whether a swap to some non-Turing style machine, or P=NP, or something like that.
Not particularly relevant to the topic at hand, but I'm too pedantic to let it go. Some virtual machines are in fact interpreters for programming languages, but they are generally much more than just that. They abstract the hardware (or hosting application) away and provide a consistent interface to consumer programs and deal with the hardware behind the scenes. In other words, they're basically an operating system. |
||||||||||||
|
|
|
||||||||||||
|
Jan 30 2006, 11:24 PM
Post
#45
|
|||
|
Target Group: Members Posts: 55 Joined: 7-October 02 From: A figment of you imagination Member No.: 3,423 |
Depends on the virtual machine. The above quoted JVM has nothing to do with an operating system (note JVM not JRE) it can in fact be implemented as a hardware chip. another virtual machine, virtualPC is also an interpreter, in this case of i386 machine language. This is the kind of virtual machines I was thinking of. The one reason why I believe computers in 65 years will still be equivalent to Turing machines is because we have found no other model of computation and the 3 models of computation developed independently in the first half of the 1900s (Turing, Church and another I can't remember) apparently completely different, were quickly proved to be the same. Of course I can't predict the future and everything you propose could be true. I just find the required suspension of disbelief much harder than the required for dragons and magic. It's probably just me. |
||
|
|
|
||
|
Jan 31 2006, 03:59 PM
Post
#46
|
|||||
|
panda! Group: Members Posts: 10,331 Joined: 8-March 02 From: north of central europe Member No.: 2,242 |
well there was the first crash, and the comment about big biz using the downtime to change how the computer worked to better fit their "needs" (most likely drm to an insane degree and whats not). allso, lets rember that in SR4, there are two diffrent skill going around. the computer skill, for those security goons that need to work a terminal now and again. and the hacking skill, it have the same basic things coverd as the computer skill but then goes above and beyond that... but in the end, it boils down to SR being a game. and a cyberpunk game at that. sorry to say, but cyberpunk computer have never been known for the 100% accurate depiction of computer security :P |
||||
|
|
|
||||
|
|
Lo-Fi Version | Time is now: 12th April 2022 - 03:27 PM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.