Unwired - Strong Encryption, Why doesn't every node have it? Options

[Irian]

Just a small detail I don't understand: Why doesn't every non-public node have strong encryption? Forcing a hacker to work 24 hours before having a chance to enter a node should help extremly to keep it secure... Is there a drawback that I didn't notice?

[Heath Robinson]

Just a small detail I don't understand: Why doesn't every non-public node have strong encryption? Forcing a hacker to work 24 hours before having a chance to enter a node should help extremly to keep it secure... Is there a drawback that I didn't notice?

It increases your reboot times by 24 hours?

[Irian]

Why? You reboot the node - now you're as secure as always - and then your spider start encrypting it. Of course, your node is vulnerable after reboot - but only as vulnerable as the node would have been anyway.
Or did I miss a rule that a node that's being encrypted can't be used while encrypting?

[RunnerPaul]

It increases your reboot times by 24 hours?

Can I get a page number cite to support that?

Putting strong encryption in place intially takes 24 hours. Entering a legitimate passcode to decrypt it takes a simple action. If node encryption persists from reboot to reboot, that same legit passcode will only require a simple action after the reboot. If Node Encryption must be applied after each reboot (I believe the books are silent on this matter), then while it'll take a full day to achieve the level of protection you had previously, you can still be operating during that time under a temporary lesser form of encryption.

Or did I miss a rule that a node that's being encrypted can't be used while encrypting?

Only nodes that have a Processor Limit of 1 and Response of 1 that have no ergonomic programs loaded. To quote noted authority Albert Yankovich, who's well versed on many topics: "You're using a 386 -- don't make me laugh! Your Windows boots up in what, a day and a half?"

[Irian]

There is something about reboot and encryption, but unfortunatly, it's not clear, imho:

Node encryption is restored by rebooting the node (a Complex Action, plus boot time), and re-encrypting it (a Simple Action).

Either that means that you can restore a strong encryption with a Simple Action or the authors missed a little detail (IMG:style_emoticons/default/smile.gif)

[Heath Robinson]

Why? You reboot the node - now you're as secure as always - and then your spider start encrypting it. Of course, your node is vulnerable after reboot - but only as vulnerable as the node would have been anyway.
Or did I miss a rule that a node that's being encrypted can't be used while encrypting?

The 24 hour option isn't worth it when most people aren't hackers. Some worried people might do it as a result of the technomancer and AI scares, but generally security isn't about throwing as much in as possible. One has to consider the intended purpose of the node when determining whether the security is actuall worthwhile.

When you are going for the 24 hour strong encryption, that 24 hour strong encryption is part of the services offered by the node. Any node offering 24 hour strong encryption is going to be favoured by the extremely paranoid and security over-conscious, they're not going to use it when the encryption is down. Reboot time is the amount of time it takes to reboot and resume full functionality, hence the reboot time is increases by a whole day. From a business perspective, going down even once a month when it takes a whole day to return to full functionality is a terrible loss of profit.

[Irian]

Unfortunatly, the rules are unclear here.

[Heath Robinson]

Either that means that you can restore a strong encryption with a Simple Action or the authors missed a little detail (IMG:style_emoticons/default/smile.gif)

Strong encryption is an option you can take on any encryption action that lengthens the encryption process. By default you get weaker encryption, you have to choose to sustain the encryption process for longer to return to the full 24 hour encryption. It still takes a simple action to begin restoring the encryption but it has to be sustained for 24 hours. That's what makes sense to me.

The accompanying fluff states that it takes more time and computation; this implies that the process of encrypting is extremely taxing so it shouldn't be restorable with just a few moments of work when the encryption is broken.

[Eryk the Red]

Every extra bit of security (including Strong Decryption) costs time, resources and manpower to implement and maintain. While all of that is not necessarily reflected in game rules, you ought to think in those terms as a GM. "How much would this organization commit to matrix security?"

And, really, it's just about drama. Would it be dramatic for the hacker to decrypt this mid-combat, or would it be dramatic for it to take a while?

[CanRay]

In addition, the stronger the encryption, the longer it's going to take to save/load every file on the system with that encryption.

Hey, if we're talking about one user, that's not that big a deal. But we're talking about systems with dozens, if not hundreds or THOUSANDS of users! It adds up very quickly.

Processor time is a resource, just like any other, and it's got a cost applied to it.

You wouldn't want Bob in Accounting angry at you, would you? Bob has Discretionary Funds!

[hazemyth]

Given that most nodes need to operate dynamically in real time, I would limit strong encryption to stored data, not active nodes or subscriptions.

[Rotbart van Dain...]

The 24 hour option isn't worth it when most people aren't hackers.

Technically, it's worth it for every runner. But 24h are just an extreme - doing a 1h strong encryption already will protect your commlink from being hacked in mid-combat.

Given that most nodes need to operate dynamically in real time, I would limit strong encryption to stored data, not active nodes or subscriptions.

Sure, but by RAW, it is only forbidden for Signal encryption.

[RunnerPaul]

Sure, but by RAW, it is only forbidden for Signal encryption.

Yeah, if you take one statement in isolation without looking at the greater context. What does it mean to encrypt a node? Encryption of a node is premptively placing encryption on all means of access to that node, so that proper pascodes must be presented or the encryption cracked before access can be attempted. Where would you be attempting that access from? Another node. And an encryption between two nodes just happens to be the definition of Signal Encryption.

[Rotbart van Dain...]

Yeah, if you take one statement in isolation without looking at the greater context.

The greater context is that there are three major kinds of encryption per Unwired: File, Node and Signal.

[RunnerPaul]

The greater context is that there are three major kinds of encryption per Unwired: File, Node and Signal.

And there are three kinds of pistols in Shadowrun: Light Pistols, Heavy Pistols, And Machine Pistols. Doesn't mean I don't let my players swap ammo between a Light Pistol that fires 4P and a Machine Pistol that fires 4P. If tomorrow Catalyst published a new type of ammo on their website, with a disclaimer that said that it wasn't available for Light Pistols, you can bet I'd have to hear a pretty good explanation as to why I should allow it to be fired from a 4P machine pistol.

[otakusensei]

If a signal is encrypted, you need the key or decrypt to intercept it

If a file is encrypted, you need the key or decrypt to open it

If a node is encrypted, you need the key or decrypt to access it

If you use strong encryption to encrypt something, you need to spend the same amount of time (up to 24 hours) decrypting it before you can do the above.

Therefore if you want to stong encrypt every node in your game, go ahead. This means that the key will be that much easier for the hackers to get. Everyone that accesses it needs that key, sort of like a passcode. Enabled strong encryption makes it synonymous with a second passcode, albeit one that can be avoided by 24 hours of decryption.

[Rotbart van Dain...]

If tomorrow Catalyst published a new type of ammo on their website, with a disclaimer that said that it wasn't available for Light Pistols, you can bet I'd have to hear a pretty good explanation as to why I should allow it to be fired from a 4P machine pistol.

The latter would be a houserule, sure... though not quite like treating Nodes like Signals - which they aren't.

Therefore if you want to stong encrypt every node in your game, go ahead. This means that the key will be that much easier for the hackers to get.

Just you aren't forced to use the same passcode more than once...

[Da9iel]

Does the book mention all the nodes interacting with a strongly encrypted node? Say I manage to hack a camera. The camera is talking to the security node. The security node is strongly encrypted. Can I lift the key from the camera, or does that take 24 hrs or more?

[RunnerPaul]

Does the book mention all the nodes interacting with a strongly encrypted node? Say I manage to hack a camera. The camera is talking to the security node. The security node is strongly encrypted. Can I lift the key from the camera, or does that take 24 hrs or more?

Depends on the setup. If the Camera somehow has a node account set up for it on the Security Node, then yes, having hacked yourself an admin acount on the camera's node would give you a free pass into the Security Node. However, usually, the node account is setup the other way, with the Security Node having a node account set up for it on the camera. Or the Security Node could just be sending data requests to the camera.

[deadcellplus]

Time mostly, if a node needs to be instantly accessible then encryption is just gonna slow that down. However it does make sense to have some nodes highly encrypted. If the node needs security over access speed, then sure encrypt away.

One thing about encryption, a lot of encryption algorithms use prime numbers as well as something like a totient. The thing about encryption isnt really that people dont know how to crack it, its that we dont know how to find primes and factor numbers quickly. I dont know much off hand about how shadowrun handles divination, but I think a mage might be able to simply ask a spirit if it knows a way to factor the numbers, or if it knows the factors for the totient. If so, I'm pretty sure all deckers should have a mage friend, at least for dealing with encryptions.

[RunnerPaul]

The thing about encryption isnt really that people dont know how to crack it

Ah but from 2065 on forward, they do know how to crack it. There's a sidebar in Unwired with the details.

[Dr Funfrock]

The thing about encryption isnt really that people dont know how to crack it, its that we dont know how to find primes and factor numbers quickly.

Presumably this is part of Heinrick's breakthrough; applying the massively advanced computation of 2065, combined with breakthroughs in expert systems and fuzzy logic to factor primes almost instaneously. Throw in a few other breakthroughs in theory that would simply blow our tiny little 2008 minds, and you have your paradigm shift in decryption technique.

[Heath Robinson]

Presumably this is part of Heinrick's breakthrough; applying the massively advanced computation of 2065, combined with breakthroughs in expert systems and fuzzy logic to factor primes almost instaneously.

Who would have known that non-probabilistic continuous logical reasoning would be so powerful?

It's almost a given that all the corps are devoting significant effort to cracking the algorithms of their rivals and the practice of academic development of cryptography has long since disappeared (lol GRIMNDARK), leading to crappy encryption algorithms becoming mainstream (proprietary algorithms are crappy, it's a fact). The arts of cryptanalysis are probably quite advanced thanks to a number of huge wars happening in recent history. It's in the interests of the corps to release Decrypt programs using SOTA cryptanalysis techniques and harvest their rivals' data from the havens it ends up in.

On that note, I wonder if Britain reopened Bletchely Park for a laugh (25% of UK domestic and foreign policy is for entertainment purposes, you heard it here first) during the Euro Wars.

[deadcellplus]

Ah but from 2065 on forward, they do know how to crack it. There's a sidebar in Unwired with the details.

o cool, ill have to look at then when I get unwired.

Just as a spoiler could you give me a summary or something of how they explain it?

(proprietary algorithms are crappy, it's a fact)

QFT

[RunnerPaul]

Just as a spoiler could you give me a summary or something of how they explain it?

Breakthrough algorithm that allows the computational power of the latest generation processors to be leveraged to their full effect. Developed by a researcher named Heinrich Andrews, so naturally the hacker community refers to it as the "Heinrich Maneuver"