Stronger (canon?) Encryption, A possible canon way to make secure comm
Dec 18 2006, 10:52 AM
Post
#1
|
|
Moving Target Group: Members Posts: 615 Joined: 26-February 02 Member No.: 1,895 |
Make a decrypt+response (encryption rating *2, 1 combat turn) extended test to break the encryption.
Now encrypt is a program that an agent can load.... (hacking program). Bandwidth is 'near unlimited'. What if you have a dedicated agent that, every combat turn, re-negotiates the encryption with the subscribed device and then uses a simple action to re-establish the connection (since it has a password). An agent could keep three lines 'secure' (three IPs), each phase resetting one (simple action) then reestablishing connection. With how SR works, 'its' actions occur between the initiative of other things, so other users wouldn't be affected (unless doing something that spans phases). Somebody trying to spoof the signal first needs to decrypt (the current encryption). Decrypt takes a combat turn, every combat turn the encryption is reset.... Poor eavesdropper never gets the 'current code' to actually spoof to actually get in. Now there is constant chatter which isn't going to be 'quiet', but it ain't getting hacked even with the best hacker around.
|
|
Dec 18 2006, 11:46 AM
Post
#2
|
|
Running Target Group: Members Posts: 1,498 Joined: 4-August 05 From: ADL Member No.: 7,534 |
Unbreakable encryption: Undesired
Multiple encryptions: Undesired |
|
|
Dec 18 2006, 01:04 PM
Post
#3
|
|
Runner Group: Members Posts: 3,009 Joined: 25-September 06 From: Paris, France Member No.: 9,466 |
It's possible, but if it renegotiates the encryption, it has to send the new encryption key to the device. It means that if a hacker decrypts one of the encryptions, he gets the key of the next message, decrypts it, and gets the key of the next message, and so on.
A way to do it would be to store keys in both devices before sending anything (you get one-time pads, can't be decrypted if used as should be). As for unbreakable encryption being undesired, I don't really agree. I think there are different kinds of encryption:
* encryptions that slow down the hacker (breakable in some combat turns)
* encryptions that lead to a search of the code (should be unbreakable)
* encryptions that add some tension (breakable in several minutes/hours)
* encryptions that should not be easily broken (online banking data, if you want a consistent universe)
|
|
Dec 18 2006, 09:08 PM
Post
#4
|
|
Moving Target Group: Members Posts: 870 Joined: 2-October 06 From: Athens Ga Member No.: 9,517 |
Well, I think that there should be two different kinds of encryption.
Short term encryption and long term encryption. Short term encryption would occur in communications that are less complex but changing constantly. Long term encryption would be things over the matrix that people would expect someone to intercept and attempt to decrypt. The short term is much less complex but changes so it is not a matter of once you have decrypted it you have it all. Resolve short term encryption as a threshold based on the encryption rating. If you have the decrypt at a higher level it can negate the encrypt. At the same level or lower you would have to take an action each turn to lower the encryption with a roll. It would basically eat up some of your time. Maybe include a rule in there so if your decrypt is too low compared to the encrypt then you can't decrypt it depending on how you see it. Resolve long term encryption as a combination of threshold and an extended test. Use the encrypt rating as a threshold for all the tests AND multiply it by some number (or square or cube it) and treat THAT as the extended test target. That way only people with a certain level of ability and the right decryption equipment can even attempt to do it. |
|
|
Dec 19 2006, 12:39 AM
Post
#5
|
|
Moving Target Group: Members Posts: 615 Joined: 26-February 02 Member No.: 1,895 |
The catch is, would this work 'by the rules'.
If you break the encryption of a file, device, or signal, you don't automatically know every file / device / signal that that person has ever encrypted. So if every turn you (or the agent) re-encrypt something, then doesn't it effectively become un-decryptable (unless/until you can knock out the agent somehow). If you decrypt my password file, so I change all my passwords (before you get on the systems to make a backdoor), and then re-encrypt the new password file, you can just open it since 'you decrypted' my password file, since I have used a separate action to 're-encrypt' it. Now admittedly you are going to have to have a reasonably high level agent to run a strong level encryption, to make this work and for a very limited number of connections, but it would give you a limited very near impossible to get in real time access to the data channel. Sure you could record and then decrypt the saved data stream (if it had something you wanted like video feeds, etc), but actually breaking into the live stream would be almost impossible (if not impossible).
|
|
Dec 19 2006, 12:40 AM
Post
#6
|
|||
Moving Target Group: Members Posts: 615 Joined: 26-February 02 Member No.: 1,895 |
Serbitar: So by this logic, once somebody has compromised you, you are compromised for ever, for the rest of your existence? |
||
|
|||
Dec 19 2006, 12:54 AM
Post
#7
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
this would work, by the rules, but it's easily bypassed by simply spoofing the agent to send you the password.
|
|
|
Dec 19 2006, 03:21 AM
Post
#8
|
|||||
Running Target Group: Members Posts: 1,011 Joined: 15-February 05 From: Montréal, QC, Canada Member No.: 7,087 |
There's no logic to interpret in that statement. Just a succinct synopsis of SR's game designers' stance on encryption. It must be hackable and it can't take forever to resolve. The FAQ simply suggests increasing the interval of the extended decryption test from 1 IP to 1 round, minute or whatever if you are unhappy with the speed of decryption. That doesn't make cracking the code any more difficult, but if your beef was essentially that communications can be decrypted almost in real time then it solves the issue elegantly.
||||
|
|||||
Dec 19 2006, 03:44 AM
Post
#9
|
|||||
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
huh? what's one got to do with the other? |
||||
|
|||||
Dec 19 2006, 03:52 AM
Post
#10
|
|
Moving Target Group: Members Posts: 584 Joined: 15-April 06 From: Pittsburgh Member No.: 8,466 |
Of course beyond that is the simple fact that Megacorps are going to be using top of the line stuff. It clearly states that experimental and military grade programs and equipment go beyond the normal max of 6. Not that it is an everyday occurrence, but when you decide the players need to run into a tougher time, feel free to jack up what they are dealing with. Of course that only goes so far, but it helps.
|
|
|
Dec 19 2006, 05:09 AM
Post
#11
|
|
Moving Target Group: Members Posts: 615 Joined: 26-February 02 Member No.: 1,895 |
From how I read the rules the spoofing wouldn't work.
You have to make a Matrix Perception test on the persona/agent to spoof them. So unless you have hacked one of the commlinks, or decrypted the data stream, you can't spoof the agents involved. The ways it is 'defeated':
1) Enemy hackers locate your signal and figure out where you are. Burst fire from auto-grenade launcher and problem solved :-)
2) Enemy hackers work as a team (be it hacker and agents or multiple hackers). One (or more) work on decrypting the signal; as long as they can decrypt in one turn, they turn over the code to another hacker/agent who hacks in. Now they have to get this all done in one turn, but if they can do it in one turn they are golden (though they have thrown a lot of hacker talent at it).
|
|
Dec 19 2006, 06:34 AM
Post
#12
|
|||
Great Dragon Group: Members Posts: 5,537 Joined: 27-August 06 From: Albuquerque NM Member No.: 9,234 |
I'm sort of surprised that the developers don't take this same stance towards physical barriers. All walls must be hackable with common household tools inside of a few combat turns? After all, how else could anyone expect PCs to get through that 10 foot reinforced concrete wall other than them pulling out a knife and starting to chip? Or would that strike even them as blatantly and obviously stupid?
||
|
|||
Dec 19 2006, 07:02 AM
Post
#13
|
|||
Running Target Group: Members Posts: 1,011 Joined: 15-February 05 From: Montréal, QC, Canada Member No.: 7,087 |
Bad analogy. Hackers are an integral part of a runner team and need to be able to do their duties within the frame of a fast paced adventure. Tunnel diggers on the other hand aren't so integral to the game. This is a metagame issue in case you haven't noticed. Designers made it so that hackers can keep up with the rest of the groups. |
||
|
|||
Dec 19 2006, 07:06 AM
Post
#14
|
|
Horror Group: Members Posts: 5,322 Joined: 15-June 05 From: BumFuck, New Jersey Member No.: 7,445 |
kzt, the point is that there are ways around a 10 foot reinforced concrete wall - lots of them.
Airlift over them. Climb over them. Demolish them with an RPG-9. Tunnel under them. Bluff your way through a gate. Shoot your way through a gate. But for unencrypting files? There's only two ways to get that - either know the right password, or Decrypt it. |
|
|
Dec 19 2006, 07:36 AM
Post
#15
|
|||
Great Dragon Group: Members Posts: 5,537 Joined: 27-August 06 From: Albuquerque NM Member No.: 9,234 |
When you get right down to it, you can either go around or through a wall. Not many options there, are there? Just like a reinforced concrete wall, there are lots of ways of dealing with encryption that make more sense than assuming it's a trivial obstacle that can be ignored. Let's list some:
* You steal/copy the key distribution media
* You hack the system in question so it isn't encrypting
* You coerce someone to give you the key
* You con someone into giving you the key
* You replace the keyboard (etc) with one that has a keylogger built in
* You hack the system so that it gives you a copy of the key
* You modify the hardware so it gives you the key
* You break the trivial passwords that people typically use (a far different scale of attack than attacking the actual cryptosystem keyspace)
* You send a drone in to watch them enter the key
* You walk in invisibly and watch them enter the key
* You tap the system before it encrypts or after it is decrypted
* You find the key written under their desk calendar (etc)
All of these have the advantage of making the players actually DO something actively towards accomplishing their goal, instead of it just being another pointless hoop to jump through that they can do on autopilot. And they typically have to take risks to do these; they can't do it from the safety of their secret underground lair in Antarctica.
||
|
|||
Dec 19 2006, 07:47 AM
Post
#16
|
|||||||||||||||||||||||
Horror Group: Members Posts: 5,322 Joined: 15-June 05 From: BumFuck, New Jersey Member No.: 7,445 |
Sure. If you could pull off a meat stunt like this, I don't think that you'd be bothering with a datasteal.
Nice try, but not how it works. FILES are encrypted, the SYSTEM may or may not be, but even if it's not, the files are.
Possible in the Sixth World, but almost as risky as just swiping the hardware. And you're assuming that the "Key" is an actual password, and not something more esoteric and difficult to spoof - verifiable biometric data, a secure RFID chip implanted in someone's head, or something else.
For Shadowrun: 2007, this would work. For Shadowrun: 2070, forget about it. Most people probably don't even have a keyboard, let alone enter secure data on them that can be had by shoulder-surfing or a keylogger. And of course, there's nothing to say that the encryption itself doesn't have a one-time pad system as its decoder. With SR4 file sizes being almost nonexistent compared to storage, you could pack a ridiculous number of years' one-time pads into a file.
Again, you assume that the system even understands what the unencrypted key is. If this is a more common file, with keys distributed on demand, it would be in theory possible - for anything more secure, forget it.
If you have the hardware in your clutches, there's no need for you to decrypt a single qu-bit. Just hand it over to Mr. J, who takes it back to his R&D and they use an UltraMegaHuge Processing Machine to brute-force it.
Password? Again, see above - I don't think anyone actually uses passwords anymore.
See the keylogger entry. Plus, people would notice a drone.
Sure, you waltz right in past astral security and engage in some shoulder-surfing - only to find out that the "key" is a biometric or something even more esoteric.
And if you have this kind of hardware access, you've already mastered the system, thus rendering encryption trivial.
Highly unlikely. |
||||||||||||||||||||||
|
|||||||||||||||||||||||
Dec 19 2006, 10:11 AM
Post
#17
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
i think easily-defeated encryption is a viable design choice. the basic question is, do you want players of hackers to have to actually hack, or do you want players of hackers to treat it like magic?
if you make encryption realistic, players of hackers have to actually hack. every time they want to do something, they--the player--has to figure out some sort of loophole or flaw that allows them to bypass the encryption. maybe they have the adept sneak in and find the password some sarariman wrote down on a stickynote at his desk. maybe there's a certain workstation that never got upgraded, or a router that traffics the data before it gets encrypted. now, personally, i think that sounds fun as hell. but, honestly? mages don't have to do that. they don't have to figure out the magic words that will convert mana into a bolt of electricity. street sams don't have to calculate the angle at which they'd need to hold their weapon in order to hit the guy on the roof over there. in every other situation in the game, the basic function a character fulfills--summoning spirits, shooting people, blasting spells out, punching faces, whatever--is handled by (ideally) well-defined interactions between dice and target numbers. the decision to not make hacker players the odd man out, to not require them to actually know something about the fictional role their character fills in order to do their in-game job, is perfectly okay. |
|
|
Dec 19 2006, 10:29 AM
Post
#18
|
|||
Neophyte Runner Group: Members Posts: 2,086 Joined: 26-February 02 Member No.: 364 |
So, out of curiosity, how do financial institutions ensure the integrity of online monetary transactions in your games? |
||
|
|||
Dec 19 2006, 02:54 PM
Post
#19
|
|||||
ghostrider Group: Retired Admins Posts: 4,196 Joined: 16-May 04 Member No.: 6,333 |
My way is that I ignore things like that because I know that I'm playing a game, and that in order for one type of character to be viable at all, there might be a few discrete concepts that you have to accept as they are. So banks have secure transactions and the world doesn't collapse, because if they didn't and the world collapsed I wouldn't have a game to play. (I know some people don't like this approach, but it works for me. For me, it's not worth the extra headache and testing that would be required in order to rework the system so that everyone <read: hackers and banks> worked on the same system.) |
||||
|
|||||
Dec 19 2006, 05:07 PM
Post
#20
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
well, in my games, i play SR3. so i can toss rating 14 encryption on things, if it ever comes up. breakable, but not in enough time to be useful. why doesn't everyone use rating 14 encryption on important stuff? 'cos.
|
|
|
Dec 19 2006, 05:33 PM
Post
#21
|
|||
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
Two words: Simple Action. Data-Encryption is a joke in SR3 if you use a deck. You mean broadcast encryption? It's limited to 10 - but that is close to unbreakable... as it uses completely different rules.
||
|
|||
Dec 19 2006, 05:41 PM
Post
#22
|
|
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
there aren't that many people running around with a rating 7+ decrypt program and enough skill to crack rating 14 encryption in a single simple action. most of the time, they'll have to make several attempts. i suppose if it actually became a problem, i could just up it to rating 20.
|
|
|
Dec 19 2006, 06:54 PM
Post
#23
|
|||||||
Hoppelhäschen 5000 Group: Members Posts: 5,807 Joined: 3-January 04 Member No.: 5,951 |
Indeed, rating 7 would be low-end for a PC decker... even the generic decker connection runs programs up to rating 8.
You mean like, some actions against one? Big difference... it still takes longer to download a file than to crack it.
It still needs just one success, so it's no big deal. Just in case you still haven't notice: No such this like a strong canon data encryption in SR. |
||||||
|
|||||||
Dec 19 2006, 06:57 PM
Post
#24
|
|||
Genuine Artificial Intelligence Group: Members Posts: 4,019 Joined: 12-June 03 Member No.: 4,715 |
OMG! All sudden you english is weird! wtf!? ;) |
||
|
|||
Dec 19 2006, 07:07 PM
Post
#25
|
|||
Immortal Elf Group: Members Posts: 11,410 Joined: 1-October 03 From: Pittsburgh Member No.: 5,670 |
as i recall, it's an opposed test like any other on the Matrix. Access subsystem, i think. as for rating 8 programs, yes, they're for sale--for hundreds of thousands of dollars. a PC decker can cook up his own, of course, but a PC decker is easy enough to leash. NPC deckers are what i'm mainly concerned with, and it's pretty simple to say that NPC deckers generally lack access to high-rated programs. and, yeah, strong data encryption in SR3 is hard to come by. a determined PC can always overcome it (at least, all of my deckers have). one of SR3's many, many shortcomings. |
||
|
|||