Thoughts on Encryption/Decription Options

[tete]

Has anyone besides me tried it in RL? I mean wireless networks are no problem because as soon as someone connects the key has just been broadcast out to everyone, so your looking at a matter of minutes from the time of the connection. So I decided to encrypt an 80 gig HD it took about 24hrs, then I tried to decrypt it using another computer without the key. Well it took a little longer than a week and I wouldn't call it a full recovery.

[edit] the computers are about the same in terms of cpu and memory. Both are intel dual core aprox 3ghz with 4 gigs of memory.

Based on this do you feel it would be reasonable in SR4 to say decrypting a file is more like cracking a program (Unwired)? Rather than the standard encryption/decryption rules.

[Backgammon]

Your first mistake is saying SR technology works like today's technology.

[tete]

Your first mistake is saying SR technology works like today's technology.

I think they indicated that by changing from Decker to Hacker and from Deception to Exploit...

[hobgoblin]

i would suggest reading unwired. specifically the sidebar on page 67.

[otakusensei]

You're welcome to make some RL inspired rules for Encrypt/Decrypt, but it's clear that the rules in the book are more based around making the game fun than making us all amateur cryptanalysis.

I've used the rules as written both as player and GM and I've been happy with the out comes. The IT engineer in me cringes a bit at people who know SR rules by heart but can't keep a solid password on their email, but what are you gonna do?

[D2F]

Has anyone besides me tried it in RL? I mean wireless networks are no problem because as soon as someone connects the key has just been broadcast out to everyone, so your looking at a matter of minutes from the time of the connection. So I decided to encrypt an 80 gig HD it took about 24hrs, then I tried to decrypt it using another computer without the key. Well it took a little longer than a week and I wouldn't call it a full recovery.

[edit] the computers are about the same in terms of cpu and memory. Both are intel dual core aprox 3ghz with 4 gigs of memory.

Based on this do you feel it would be reasonable in SR4 to say decrypting a file is more like cracking a program (Unwired)? Rather than the standard encryption/decryption rules.

Considering that it is possible, someone came up with a way to calculate the prime numbers any particular number is made out of as a product or sum in SR, the way encryption (and thus decryption) works in SR might be vastly different from how it works today.

That's where suspension of disbelif kicks in and we simply use the rules as they are.

[StealthSigma]

i would suggest reading unwired. specifically the sidebar on page 67.

If that sidebar is the sidebar I'm thinking of, it's an utterly rubbish reasoning. Some magical math formula that cracks all encryption, past, present, and future.

The consequences of such a formula indicate that this individual has mathematically predicted human thought and that free will does not exist.

[Brazilian_Shinob...]

If that sidebar is the sidebar I'm thinking of, it's an utterly rubbish reasoning. Some magical math formula that cracks all encryption, past, present, and future.

The consequences of such a formula indicate that this individual has mathematically predicted human thought and that free will does not exist.

In a more mathematical explanation, it seems to me that he proved that P = NP and he developed and algorithm that proved this. Converting this to tell you if a given number is a prime number is just a walk on the park AFTER you have proved this. It could just mean that no one discovered a better way to secure nodes and so we have the Spider-Black ICe duo.

[kzt]

Has anyone besides me tried it in RL? I mean wireless networks are no problem because as soon as someone connects the key has just been broadcast out to everyone, so your looking at a matter of minutes from the time of the connection. So I decided to encrypt an 80 gig HD it took about 24hrs, then I tried to decrypt it using another computer without the key. Well it took a little longer than a week and I wouldn't call it a full recovery.

If you choose poorly designed encryption algorithm, like WEP, or choose crappy passphrases encryption is not terribly useful. If you use a well designed encryption like AES and your software implements it correctly and you don't use trivial or guessable keys/passphrases you literally can't break it. Breaking 128 bit AES via brute force requires (via Landauer's principle) that you dissipate an average of 10^17 joules of heat, or about the same energy that you get from setting off a 100 megaton bomb.

[D2F]

If that sidebar is the sidebar I'm thinking of, it's an utterly rubbish reasoning. Some magical math formula that cracks all encryption, past, present, and future.

The consequences of such a formula indicate that this individual has mathematically predicted human thought and that free will does not exist.

All modern encryption is based on prime numbers. The reason that works (with very long numbers, mind you) is because we (currently) have no easy way to determine the prime numbers of which a specific given number consists.
You may also check out some of the millenium prize questions, like the P vs. NP Problem, the Birch and Swinnerton-Dyer Conjecture, or most importantly, the Rieman Hypothesis. Especially the latter one, if solved, would potentialy render our entire modern encryption method obsolete in one fell swoop.
That sidebar is far from rubbish.

Also, check this article.

[nezumi]

(Thank you, kzt. My thoughts exactly.)

Yes, your tests indicate that you are using pretty lousy encryption techniques, first and foremost. With a little more work, you could have (still for free) encrypted your hard drive to a degree that it is considered unbreakable by the US government (as has happened).

SR drops the ball completely, presumably in the name of fun. You can come up with your own reasons. Optical technology has somehow eliminated the modular math problem. The tremendously high-bandwidth necessary for full simsense has put a stranglehold on the available lag time due to encryption, making proper encryption unfeasible. Poor encryption implementation due to the complexity of systems has resulted in holes that can be exploited to circumvent the encryption. Whatever. This is currently being addressed in SR3R, so if you want to hop over there and take those ideas for your own game you're welcome to, although I don't think they're really SR4 compatible (and I really don't know how you'd implement it in SR4, since I don't play that game.)

[Draco18s]

the Rieman Hypothesis. Especially the latter one, if solved, would potentialy render our entire modern encryption method obsolete in one fell swoop.

I was told to ask my high school math teacher one time "when he'd get around to proving it."
He thought that was pretty funny.

BTW, IIRC, some anonymous Indian (the country) guy actually wrote a 13 line computer program that can prove if a number is prime or not.

It involved taking two random numbers, raising them by suggested prime, and performing a modulo operation (IIRC). If it came out 0 then there was a 95% or greater chance that it was prime, so doing it twice pretty much insured that yes, it was prime.

I tried implementing it once only to find that my two random numbers couldn't be greater than about 4 if my test prime was less than 16 and couldn't test higher than ~25 at all (limitation on the unsigned longint variable type--doubles and floats could be much larger, but couldn't do modulo).

[Malachi]

If you want to "fix" Encryption in SR to make it closer to RL technology that we have now it's easy: simply change the interval. Make it 1 minute, hour, day, week, month, year, or decade. I'm sure the SR decryption speed was chosen in order to make the game fun. RL hacking and decryption is nowhere near entertaining to watch or roleplay. Rolling dice over and over to determine if a security flaw was found, or rolling dice over and over to simulate a computer attempting to break encryption is boring; breaking in quickly and having to fight an Intrusion Countermeasure that looks like a Cyclops swinging a giant club is fun.

[D2F]

I was told to ask my high school math teacher one time "when he'd get around to proving it."
He thought that was pretty funny.

Heh, I can imagine... However, in the article I posted there are several claims mentioned that are currently submitted to peer review, so chances are, someone may actually have figured it out.

Now add 63 years to the mix...

[StealthSigma]

Heh, I can imagine... However, in the article I posted there are several claims mentioned that are currently submitted to peer review, so chances are, someone may actually have figured it out.

Now add 63 years to the mix...

The article you linked also pointed out that finding an algorithm to determine primes isn't a problem. The current encryption method was implemented before it was known if primes would be unbreakable, and there are mathematical methods of performing encryption that are proven unbreakable. Just like IPv4, at the time it was thought to be all that would be necessary. At some point in the near future we're going to have to move up to IPv6.

If, and the keyword is if, modern encryption techniques are broken, the technique will change to a proven unbreakable method. We will essentially use this system until such times as change is forced. In reality, the SR world has faced two Matrix crashes would serve as good resets to redo encryption technology.

[Rotbart van Dain...]

The consequences of such a formula indicate that this individual has mathematically predicted human thought and that free will does not exist.

Not every formula is the Anti-Life Equation.

[D2F]

The article you linked also pointed out that finding an algorithm to determine primes isn't a problem. The current encryption method was implemented before it was known if primes would be unbreakable, and there are mathematical methods of performing encryption that are proven unbreakable. Just like IPv4, at the time it was thought to be all that would be necessary. At some point in the near future we're going to have to move up to IPv6.

If, and the keyword is if, modern encryption techniques are broken, the technique will change to a proven unbreakable method. We will essentially use this system until such times as change is forced. In reality, the SR world has faced two Matrix crashes would serve as good resets to redo encryption technology.

SR obviously moved to a stage where the Riehman Hypothesis as well a the N vs NP problem have obviously been solved.
That alone would require a massive change in encoding and decoding methodology and it is questionable, whether a method is even conceivable that can be proven unbreakable under such circumstances.

That in itself could be the reason why SR employs "fluid" security protocols.

Whetever the justification, though: it is obviously not possible to create long-term encryption solutions in SR. As to why does not really matter at that point, even though the speculation about it proves quite interesting.

[tete]

(Thank you, kzt. My thoughts exactly.)

Yes, your tests indicate that you are using pretty lousy encryption techniques, first and foremost. With a little more work, you could have (still for free) encrypted your hard drive to a degree that it is considered unbreakable by the US government (as has happened).

First off anything transmitted wirelessly is insecure. AES passphrases take longer but still you broadcast the key to anyone who wanted to grab it (FBI proved that theory pretty well at black hat 07'). You can look at the black hat challenges of different years to see how crazy fast some people can get through. My hard drive encryption software was not the best because I wanted to break it fast. You see SR treats wireless encryption and hard drive encryption as the same thing. In reality its a ton easier to crack wireless (that whole broadcasting thing) than to crack open an encrypted file but the rules do not reflect this.

[StealthSigma]

SR obviously moved to a stage where the Riehman Hypothesis as well a the N vs NP problem have obviously been solved.
That alone would require a massive change in encoding and decoding methodology

Full stop.

Encoding/Decoding are not the same thing as Encryption/Decryption. Anyone who even has a mild interest in cryptography should know that fact. All you've managed to do is just prove my hypothesis that you really aren't digesting and interpreting what you're reading, but instead just looking for contrary articles specifically to be belligerent.

As I said, there's multiple other mathematical methods that can be used for cryptography. Until such point that Riehman has been proved there is no need to supplant the current system. It's too massive and unwieldy to do so. Trying to convert from IPv4 to IPv6 shows how pointless it would be to try to change the encryption algorithms.

Security will ALWAYS be a concern. There will ALWAYS be a need to keep things secret. This alone will drive a change in cryptography if the prime method becomes obsolete. The world of Shadowrun has seen two Matrix crashes that resulted in large volumes of data loss, likely involving significant portions of all encrypted data. They are two reset events which would allow the entire computing environment to be reset.

As I said, if this magical mathematical formula is the proof for Riehman, then for it make encryption obsolete would require to also prove every other mathematical encryption technique that has already been proven uncrackable.

[D2F]

Full stop.

Encoding/Decoding are not the same thing as Encryption/Decryption.

You are, of course, completely right. My bad. Meant to say encryption/decryption.

As I said, if this magical mathematical formula is the proof for Riehman, then for it make encryption obsolete would require to also prove every other mathematical encryption technique that has already been proven uncrackable.

The mere fact that SR still uses encryption serves as proof that it is not obsolete.
In addition, I only said current methods could become obsolete. Not that we couldn't come up with new ones. The important aspect here is as to whether those new methods would be as solid as we are used to.

[otakusensei]

This is a road the forum has been down many times. Some folks are happy to use the rules as written, some make custom ones and some others just let it ruin their fun.

Before WWII computers were people, mostly women, who sat at a desk and did math. True story. Perhaps the methods and techniques that they collectively call Encryption in SR bare about the same resemblance as modern computers to their prewar counterparts?

[kzt]

First off anything transmitted wirelessly is insecure. AES passphrases take longer but still you broadcast the key to anyone who wanted to grab it (FBI proved that theory pretty well at black hat 07'). You can look at the black hat challenges of different years to see how crazy fast some people can get through. My hard drive encryption software was not the best because I wanted to break it fast. You see SR treats wireless encryption and hard drive encryption as the same thing. In reality its a ton easier to crack wireless (that whole broadcasting thing) than to crack open an encrypted file but the rules do not reflect this.

What you are talking about are poor design and operational practices, not actual vulnerabilities in the encryption. A FIPS 140-2 compliant system doesn't broadcast anything usable to attack and it's actually pretty darn hard to break into. Most of the high-end commercial systems can be set up in FIPS 140-2 mode, but it's painful and typically only done by the Feds. However this is only usable for "For Official Use" or "sensitive but unclassified". For actual classified traffic you have to use Type 1 encryption products. These are vastly more hardened than a commercial grade wireless system and their are very few of them out there. But here is one example. They are very expensive and systems like this are typically a huge pain to operate and maintian.

[tete]

I am well aware of FIPS 140-2 and commercial grade wireless systems. FIPS 140-2 has nothing to do with wireless specifically (If you had the wireless in a Lead Shielded room with a big old lock it may be good enough for level 2). Look in 07' the best commercially available non-millitary grade wireless encryption we had (256bit) was compromised in 8 min from when a user logged onto the wireless system by the FBI using a simple IBM laptop with in house scanning and decryption software at black hat. Granted this was not expected by anyone (estimates were in at the low range of a 1/2 hour on up). Seeing how this is the field I work in to an extent (wireless) I'm used to how easy it is to compromise using good tools (granted someone has to log on so you have packets to grab). I also deal with harddrive encryption (to a much lesser degree) and had heard the stuff I use at work takes months to crack if you can recover it at all. I figured this is not a fair test as my wireless is only a cisco 881 at home and not one of the big multi-thousand dollar wireless systems like at work., so I grabbed some hard drive encryption software that came with my personal laptop. Just to compare how long it takes me unauthorized log on to my own wireless network vs decrypt a hard drive. The only real difference in the test is that when it comes to compromising wireless I know what I'm doing and I have great tools. Hard Drives I'm shooting blind, thats not my department I send that to the data recovery guys who work there own magic. Personally at work I have not seen anything even with a sensitive sticker on it have wireless access. Your term of type 1 is confusing me to. Are you trying to refer to 140-2 level 1 or 140-1... Because level 1 is the lowest level of protection as defined by 140-2.

[Rotbart van Dain...]

AES passphrases take longer but still you broadcast the key to anyone who wanted to grab it (FBI proved that theory pretty well at black hat 07').

All those attacked WPA, not WPA2. WPA uses TKIP, which is based on RC4, like WEP. WPA2 uses CCMP based on AES, and it's not broken.

My hard drive encryption software was not the best because I wanted to break it fast.

Given that there is reliable FOSS out there like cryptsetup-LUKS and TrueCrypt, there's no real point in using something you can break.

[tete]

Given that there is reliable FOSS out there like cryptsetup-LUKS and TrueCrypt, there's no real point in using something you can break.

missing the whole point of my test.

Shadowrun 4e has all encryption as equal (harddrive vs wireless). I believe this to be a fallacy. I can pull an IP on my own wireless router at home (see above, im not using WEP, I use WPA2) well less than an hour. We shall say my rating (of my router) is about 3 on it in Shadowrun terms as it would be good for a small to midsize business. Using similar grade software to encode my hard drive. After about a week I was able to recover a reasonable amount of data (some of it is corrupted). So in my test harddrives take days where as wireless takes minutes. This shows (really bad science I'll admit) that encryption is not equal between the mediums. There by I was asking based on that evidence would it be ok to use the rules for cracking a program (which takes days) instead of the standard rules (which takes seconds) for decrypting a file.

[edit] and I'm not saying AES is broken, I'm saying anytime you use wireless when a computer connects you have just broadcast all the information someone else needs to connect. Its just like having someone physically on your network but not on the domain scanning packets for logons (actually this is MORE dangerous in most situations as many people don't encrypt their own network or firewall from the inside). You now have all the information you need to get on the network properly. Its just a matter of how long will it take your to dissect the packet.