Unbreakable Encryption, Use it today! Options

[kjones]

The encryption that we use today is called asymmetric key encryption - basically, this means that if Alice and Bob want to speak securely, they don't need to meet up beforehand to exchange a password. This is good, because it lets you give Amazon.com your credit card number without having to work out some way to exchange a password that isn't itself insecure.

Modern asymmetric key encryption takes advantage of the mathematical principle that it is easier to multiply two prime numbers together than it is to factor a number into its prime components - if somebody were to come up with a way to factor products of large primes quickly, this would obliterate modern encryption as we know it. Presumably, this is what happened in Shadowrun.

However, asymmetric key encryption is not the only kind of encryption in the real world. Symmetric key encryption, if properly implemented, is mathematically perfect. Consider the following encryption algorithm - I have a string of characters, "dumpshock". I come up with perfectly random string of characters (there are ways to do this, but the one that I'm going to use, mashing on my keyboard, is not one of them) - "avzliwamf". I then take each character's numerical value (a = 1, etc.) from the plaintext ("dumpshock") and add it to the key ("avzliwamf"), and if the result is greater than 26, I subtract 26.

In cryptography parlance,
Plaintext: dumpshock
Key: avzliwamf
Ciphertext: dumpshock + avzliwam = eplxadppp

This cipher is unbreakable because while I could try guessing different keys and seeing if I get "dumpshock" back, I would only know that's the correct answer if I knew it going in - "eplxadppp" could also mean "kjonesroxx" or "iluvdandd" or anything, and there's no way of knowing. (Assuming that the key generated was perfectly random.)

Now, the obvious problem with this method is that if Alice wants to send Bob a message encrypted with this algorithm (known as a "one-time pad"), Alice must first work out a way to send Bob the key. This is why we don't use one-time pads in the real world - key exchange is too much of a hassle.

But, say you're a shadowrunner, and you have a very real and immediate need for secure exchange of data among your teammates. Since data storage in the 6th world is "enough", there's nothing stopping you from generating a couple billion megapulses of randomly generated keys and passing them among your team the next time you all meet up at the Stuffer Shack. It would not be hard to encrypt all data passed among your teammates during a run (or whenever) using these one-time pads. If you run out, knock off a couple billion more.

The irony here is that the greatest insecurity in this system is that a hacker can still waltz in, hack anyone's comm, and grab the keys, but there are ways to defend against this - firewalls, data bombs, and I seem to recall an option in Unwired that helps prevent files from being moved around. But there is no way to break this encryption by simply intercepting wireless signals. This helps solve, for example, the insecurity of tacnets.

Thoughts? Suggestions? Reasons why I'm wrong?

[Ancient History]

If your key is as long as your plaintext message, then by definition it's a one-time pad, which is unbreakable. I actually mentioned that in the FAQ. The problem is generating the one-time pads and communicating them without being intercepted. That's why modern (but breakable) cryptography uses pseudo-random number generation for the keys, among other things.

[Starmage21]

The encryption that we use today is called asymmetric key encryption - basically, this means that if Alice and Bob want to speak securely, they don't need to meet up beforehand to exchange a password. This is good, because it lets you give Amazon.com your credit card number without having to work out some way to exchange a password that isn't itself insecure.

Modern asymmetric key encryption takes advantage of the mathematical principle that it is easier to multiply two prime numbers together than it is to factor a number into its prime components - if somebody were to come up with a way to factor products of large primes quickly, this would obliterate modern encryption as we know it. Presumably, this is what happened in Shadowrun.

However, asymmetric key encryption is not the only kind of encryption in the real world. Symmetric key encryption, if properly implemented, is mathematically perfect. Consider the following encryption algorithm - I have a string of characters, "dumpshock". I come up with perfectly random string of characters (there are ways to do this, but the one that I'm going to use, mashing on my keyboard, is not one of them) - "avzliwamf". I then take each character's numerical value (a = 1, etc.) from the plaintext ("dumpshock") and add it to the key ("avzliwamf"), and if the result is greater than 26, I subtract 26.

In cryptography parlance,
Plaintext: dumpshock
Key: avzliwamf
Ciphertext: dumpshock + avzliwam = eplxadppp

This cipher is unbreakable because while I could try guessing different keys and seeing if I get "dumpshock" back, I would only know that's the correct answer if I knew it going in - "eplxadppp" could also mean "kjonesroxx" or "iluvdandd" or anything, and there's no way of knowing. (Assuming that the key generated was perfectly random.)

Now, the obvious problem with this method is that if Alice wants to send Bob a message encrypted with this algorithm (known as a "one-time pad"), Alice must first work out a way to send Bob the key. This is why we don't use one-time pads in the real world - key exchange is too much of a hassle.

But, say you're a shadowrunner, and you have a very real and immediate need for secure exchange of data among your teammates. Since data storage in the 6th world is "enough", there's nothing stopping you from generating a couple billion megapulses of randomly generated keys and passing them among your team the next time you all meet up at the Stuffer Shack. It would not be hard to encrypt all data passed among your teammates during a run (or whenever) using these one-time pads. If you run out, knock off a couple billion more.

The irony here is that the greatest insecurity in this system is that a hacker can still waltz in, hack anyone's comm, and grab the keys, but there are ways to defend against this - firewalls, data bombs, and I seem to recall an option in Unwired that helps prevent files from being moved around. But there is no way to break this encryption by simply intercepting wireless signals. This helps solve, for example, the insecurity of tacnets.

Thoughts? Suggestions? Reasons why I'm wrong?

unbreakable encryption exists, as explained in Unwired, and it's basically a GM Fiat that says "no, you cant hack this".

Without breakable encryption, Hackers, who have been a major staple of the game since it's inception, become useless.

So the fluff explaination for that is decryption algorithms and computers are so awesome that no amount of encryption is safe.

[Synner667]

unbreakable encryption exists, as explained in Unwired, and it's basically a GM Fiat that says "no, you cant hack this".

Without breakable encryption, Hackers, who have been a major staple of the game since it's inception, become useless.

So the fluff explaination for that is decryption algorithms and computers are so awesome that no amount of encryption is safe.

That sums it up, really.
Supposed realism, that completely goes out the window in the name of the game.
Obviously, too much to expect that players actually have to work.

[Bira]

Actually it just forces you to get a little more creative in obtaining those cryptographic keys, which can be a good thing depending on what tone you want for your campaigns.

The reason Shadowrun's default encryption is so weak is that SR is not trying to emulate reality. It's emulating Hollywood action movies. In action movies, hackers can always break any encryption within seconds by tapping on a keyboard for a bit. The thinking here is that realistic encryption, and the ins and outs of getting around it, are not as exciting as the shootouts, martial arts fights, car chases, and tense sneaking scenes. Therefore, encryption is set up as a minor obstacle that can be overcome in the same time frame as the exciting scenes, and is meant to be used as an additional complication.

Realistic "strong" encryption, which, even when not unbreakable, would take many years to break through brute force, works best for more "cerebral" games, where the group is indeed interested in the longer, more involved process for getting around them. Cracking an encrypted file, or tapping into a secure connection, can then become the main goal of the adventure, rather than a secondary obstacle.

[DireRadiant]

If we get realistic encryption, can I have realistic dragons, elves, magic and guns too?

[Eratosthenes]

A little imagination could see how a world that has cars that can drive themselves (better than many humans, even), could come up with fuzzy logic algorithms that break standard encryption routines.

There are two (that I can think of) problems with decryption:

1) Identifying the method of encryption
2) Breaking the cipher

For one, perhaps mathematics has discovered particular encryption methods leaves tell-tale signatures on the pattern or distribution of bits, bytes, or characters. With a method to determine the type of encryption used, you can get down to pattern matching, reverse engineering, or raw plug-n-chug analysis.

And one-time pad's aren't fool proof (you can always build a better fool!), especially if the method for randomly generating the one-time pads can be determined. Say two devices regularly exchange a nearly identical encrypted "handshake", with but the time-date stamp changing. This creates a HUGE hole in the strength of the encryption, as two messages can be directly compared. Enigma is a good example: a lot of the work breaking Enigma was thanks to encoded weather reports sent out by the Luftwaffe.

As for the game, it does provide for strong encryption, and unbreakable encryption. Personally, I'm thinking of using a house rule that the extended test for Decrypt is (Encrypt Rating ^ 2, complex action) for standard encryption with glitches causing the decrypt to have to start over and critical glitches meaning it was unbreakable for that Decrypt program. It would make Encrypt 6 take a *lot* longer to break, while Encrypt 3-4 is still manageable.

[D2F]

If we get realistic encryption, can I have realistic dragons, elves, magic and guns too?

I'd be up for that =)

[Draco18s]

If your key is as long as your plaintext message, then by definition it's a one-time pad, which is unbreakable. I actually mentioned that in the FAQ. The problem is generating the one-time pads and communicating them without being intercepted. That's why modern (but breakable) cryptography uses pseudo-random number generation for the keys, among other things.

Pseudorandom is generally strong enough even in a ShadowRun hacking sense, as there are a multitude of random number algorithms (some more random than others), but predicting them--even in a ShadowRun hacking sense--is going to be extremely difficult as you need to know three (possibly four) things:

What the algorithm is.
What the seed was.
How much of the sequence has already been generated.
(Possibly) How often the seed is reseeded.

The only thing that makes it easier is if the algorithm is shitty:

Say, this formula I was once given (for (supposedly) generating a number from 6 to 36 with more outside results than interiors):

y = (root(60 * random) – root(15))^2 + 21; //where random is a call to Flash's RNG.
Its output:
http://i42.tinypic.com/1zc4dx.png

Two other "better than Flash's RNG" formulas and distribution graphs:

var str = "0."+((Math.random()*(new Date().getTime())/Math.pow(Math.random(), Math.sin(Math.random() +
Math.cos(Math.random()*Math.PI)))));
str = str.replace(/[.-]/g,"");
http://i41.tinypic.com/106yb0x.png

and

"0."+((Math.random()*(new Date().getTime())+Math.pow(Math.random()*(new Date().getHours())+1, Math.sin(Math.random() +
Math.cos(Math.random()*Math.PI))))).toString().replace(/[.-]/g,"").substring(3,53);
http://i43.tinypic.com/24wzor9.png

However, utilizing that data requires knowing something about the RNG, which you can only get from a string of crypotext by analyzing its character makeup and comparing to the makeup of average English text. Byt th4t'z EZly D-featable.

Famous case: Kryptos. The fourth part has been unsolved for almost 20 years and it sits in the CIA's courtyard. It took eight years to solve the first three sections, the creator thought it would take 8 months and expected that the final section would take a few years. Due to how long its taken there is one other person who has the solution, in case the creator dies first so any future solution can be checked (though he doesn't know the solution off the top of his head any more anyway).

[Brazilian_Shinob...]

Of course, Shadowrun gives the impression that P=NP and someone reliably proved this, making possible black boxes capable of actual non-deterministic computation. This would be a lot of pain for the scientists of today to create a new way of making data secure. Of course, this would be boring and SR adopted the network/dungeon approach, where there are "beasts" defending the "dungeon".

[Draco18s]

Of course, Shadowrun gives the impression that P=NP and someone reliably proved this, making possible black boxes capable of actual non-deterministic computation. This would be a lot of pain for the scientists of today to create a new way of making data secure. Of course, this would be boring and SR adopted the network/dungeon approach, where there are "beasts" defending the "dungeon".

Right. SR wants beasts defending the dungeon, but at the same time, do away with the dungeon (see: everything is wireless, even your underwear). Means that at most paydata is 2 hops away from "you" and its trivial to avoid the beasts.

Example: hacking cyberware. Cyberware can't run IC, yet can be hacked, by RAW, wirelessly, from a distance, without going through the user's PAN (which can run IC...if their comlink isn't the el cheapo 1/1).

[Tymeaus Jalynsfe...]

Actually it just forces you to get a little more creative in obtaining those cryptographic keys, which can be a good thing depending on what tone you want for your campaigns.

The reason Shadowrun's default encryption is so weak is that SR is not trying to emulate reality. It's emulating Hollywood action movies. In action movies, hackers can always break any encryption within seconds by tapping on a keyboard for a bit. The thinking here is that realistic encryption, and the ins and outs of getting around it, are not as exciting as the shootouts, martial arts fights, car chases, and tense sneaking scenes. Therefore, encryption is set up as a minor obstacle that can be overcome in the same time frame as the exciting scenes, and is meant to be used as an additional complication.

Realistic "strong" encryption, which, even when not unbreakable, would take many years to break through brute force, works best for more "cerebral" games, where the group is indeed interested in the longer, more involved process for getting around them. Cracking an encrypted file, or tapping into a secure connection, can then become the main goal of the adventure, rather than a secondary obstacle.

We use a combination of these solutions...

Breakable Encryption on most systems (Standard Rules)...
"Strong Encryption" for those systems that need more finesse than Brute strength (Optional)...

Both work out pretty well, depending upin which system you are trying to hack... sometimes we know going in which we are going to use, and sometimes we do not,... I thas wroked very well for us...

Keep the Faith

[Tymeaus Jalynsfe...]

Right. SR wants beasts defending the dungeon, but at the same time, do away with the dungeon (see: everything is wireless, even your underwear). Means that at most paydata is 2 hops away from "you" and its trivial to avoid the beasts.

Example: hacking cyberware. Cyberware can't run IC, yet can be hacked, by RAW, wirelessly, from a distance, without going through the user's PAN (which can run IC...if their comlink isn't the el cheapo 1/1).

Just 2 Hops? Really? I do not see that myself...

Cyberware can't run IC? Really? it is a peripheral node that can be clusterd, so I would say that it CAN run IC if configured properly (and since it can contain a DataBomb on its access node (assumming that it is wireless), I do not see why it could not contain something else)... and as for the Hacking of the "ware, If you disable all of the Wireless (Doable by RAW) then you cannot hack it at all... and if you never integrated the 'ware into your PAN, then you cannot get to it that way either... so I am not sure what your point is in that example...

Keep the Faith

[Eratosthenes]

Right. SR wants beasts defending the dungeon, but at the same time, do away with the dungeon (see: everything is wireless, even your underwear). Means that at most paydata is 2 hops away from "you" and its trivial to avoid the beasts.

Example: hacking cyberware. Cyberware can't run IC, yet can be hacked, by RAW, wirelessly, from a distance, without going through the user's PAN (which can run IC...if their comlink isn't the el cheapo 1/1).

Cyberware operates in hidden mode, meaning that to connect to it wirelessly, you'd need to be in mutual signal range.

Since cyberware has a signal of 1...you can't exactly hack it from anywhere.

(You would have to first hack their commlink)

[Draco18s]

Just 2 Hops? Really? I do not see that myself...

Park the van across the street or down the block. Van -> nearby node -> target.

Cyberware operates in hidden mode, meaning that to connect to it wirelessly, you'd need to be in mutual signal range.

Or hack something that's in mutual range of it. Say...the vending machine, that dude's shirt, the water fountain....there's no penalty for doing that, you know. And there's a bonus: harder to trace!

And hidden mode doesn't have any effect on signal range.

Since cyberware has a signal of 1...you can't exactly hack it from anywhere.

Signal rating 1 gives 40 meters. There's a lot of places you can be that's 40 meters away and avoid getting shot/seen/stabbed. There's also a lot of stuff between me and the target where each object is less than 40 meters away from the next that has a signal of 1.

[Minchandre]

I'm very sad that no one's pointed out the primary implication of stronger encryption to the average 'runner: a proliferation of lead-pipe decryption methods.

[nezumi]

Note that I use SR3.


My assumption is that, because of the size and speed of data transferred for ASIST technology makes conventional encryption uneconomical (because of the lag it would cause). For my SR game, I wrote the following:


Encryption is a huge issue all on its own. In the real world, any encryption that can be broken in 5 minutes using COTS gear is trash. On the flip side, not allowing encrypted transmissions to be broken fairly easily makes decking far, far more difficult and time-consuming. This is something I've been considering for a while. I'm definitely open to thoughts on this. Generally what I've settled on is there are three basic types of encryption:

1) 1:Many, high-throughput encryption- this is what a matrix server uses. As it must cater to very, very many users and has to transmit a lot of information very quickly, it has all sorts of difficulties establishing who precisely you are, settling on encryption algorithms and encrypting and decrypting almost instantaneously. Because of these difficulties, a decker can break in with some know-how and the right tools.

2) File encryption - this is low-throughput and presumably has fewer users, all of whom already possess a shared secret like a password. This is more like conventional encryption on files. It takes time to break, sometimes a lot of time, but it's not unbeatable. A decker won't want to decrypt a file on the host because of how time-consuming it is, but he may download the file and decrypt it at his leisure.

3) 1:1, high-throughput encryption - this is what riggers generally use. Because a rigger has physical access to the device, she can install firmware like a one-time-pad which greatly increases encryption strength. If this is possible to break, it is extremely difficult and not especially expensive to install.

Shadowrun gets sort of weird in that it has a dozen different types of encryption, with different rules for each, but without any real understanding of why they're different. I think if we established the different methods, you could use them as appropriate and allow for crossover without a lot of fuss. A system may use encryption method #1 for its drones because it has a hundred people who each have to log in to a thousand specialized drones. Meanwhile, a matrix host may use #3 encryption because it's a restricted access host that only has a few users. Your own commlinks might use #1 or #3, but each one has its own special requirements in order to work. If you use #3, you can't interface with anyone until you've physically had time to fool with their device, and everyone is limited to the lowest-rating encryption in the group. If you're using #1, it's a lot more dynamic, but easier to crack.

[Sengir]

Or hack something that's in mutual range of it. Say...the vending machine, that dude's shirt, the water fountain....

Why hack it? Routing is done automatically, as long as some device (in active mode) is in range of a device that's in range of a device in range of your target you have a connection.


But as far as cyberware is concerned: All implants have DNI, so why bother to switch on the wireless function in public?

[Draco18s]

Why hack it? Routing is done automatically, as long as some device (in active mode) is in range of a device that's in range of a device in range of your target you have a connection.

Voila. Dungeon removed.

But as far as cyberware is concerned: All implants have DNI, so why bother to switch on the wireless function in public?

Because by RAW it is. All the time. There is in fact a side panel about turning it off.

[Bira]

I think it's a bit of a stretch to go from "wireless functionality can be turned off" to "it's on all the time, for everything!". I see the side panels and other explanations as the authors going out of their way to explain that people aren't stupid (at least, not the people shadowrunners are likely to target). They're not going to leave wireless networks hanging out wily-nilly. In fact, one of the specific design goals of the new Matrix system is to make the really juicy hosts hard to access remotely, thus making the group's hacker have to go in and mix it up along with the rest of the team. Those secure servers are going to either be off the airwaves entirely, or will have their wireless networks sharply limited by radio-blocking paint and other similar measures, if they absolutely must have Wi-Fi.

[Draco18s]

I see the side panels and other explanations as the authors going out of their way to explain that people aren't stupid [...] Those secure servers are going to either be off the airwaves entirely, or will have their wireless networks sharply limited by radio-blocking paint and other similar measures, if they absolutely must have Wi-Fi.

The authors intentionally made it easier to target a secure location without being on-site, then wrote sidebars on how that's not the case?

That seems...counter-productive.

I also love how the authors seem to think that wifi--which is for ease of access from anywhere, and inherently less secure--is PERFECT for security devices. It's like taking your classic CC TV (that stands for "closed circuit television" which means its not on the 'net which means it is simply NOT HACKABLE from the outside) and putting it on wireless, and then having rules that say that any wireless device can connect to any other wireless device (provided signal range). That means that your CEO's personal computer is on the same network as the door lock on the front of the building which is on the same network as the coffee shop across the street, which is....

You get the idea. They intentionally made everything easier to access from the matrix, didn't put in any of the Domain boundaries that exist in the real world, and then had to go "waitaminute" and whip up some half-assed explanation on why it doesn't work that way (wifi-inhibiting paint in every room, which means that the security camera can't talk to the main security server...oh, well, maybe we need something else too. Uh, encryption...wait, that's trivial to break. Um...).

They took out the dungeon (the matrix map) in favor of "automatic routing" and then had to bullshit a reason why you can't just hack anything from anywhere adding the dungeon back in.

[sunnyside]

This cipher is unbreakable because while I could try guessing different keys and seeing if I get "dumpshock" back, I would only know that's the correct answer if I knew it going in - "eplxadppp" could also mean "kjonesroxx" or "iluvdandd" or anything, and there's no way of knowing. (Assuming that the key generated was perfectly random.)

While that's true, only one of those will make the rest of the text or whatever come out legible.

If you presume the existance of quantum computers they may be able to crack all sorts of stuff simply be requiring the system to collapse into something that matches a known language. I'm not sure how in the world to actually do that, but it would seem to be within the realm of theoretical possibility... At the least I've seen people writing about quantum computers being able to bust the classic prime # problem that way.

However, in the end it comes down to us knowing a lot less about this stuff than the Hackers, Deckers, or Otaku.

Imagine people in our past an equal distance to where SR is set in the future. I think that's what, 63 years now? So that'd be 1947. Stuff that was probably considered ubreakable without capture of a machine would be eaten for breakfast by modern computers. The people of that era would probably have a hard time wrapping their heads around what our desktops can do.

So, given that we can't really know what things are going to be like in encryption, we might as well select something that's fun (IMG:style_emoticons/default/smile.gif)


Also, since I was thinking about it, one time pads might be hard to use in SR because of the realities of interferance and the hacker sending in their own signals. The security of a one time pad is based on a lot of assumptions, and when you start doing things like resending, responding to everything in the air, or resorting to pseudorandom numbers stuff starts breaking down.

[Sengir]

Voila. Dungeon removed.

Well, the dungeon in removed (that's why I dislike the subscription rules - I again have to design a dungeon, but only for my PAN?), but the big bad monster (aka "the badass IC") guarding the door to the treasure is still there.

Because by RAW it is. All the time.

By RAW most cyberware has some wireless capacity...but who the hell would want to keep that active? And even if it is active, it should still be slaved to your 'link (and if you are lucky, that 'link is slaved to the TM's bionode (IMG:style_emoticons/default/wink.gif) )

[Draco18s]

While that's true, only one of those will make the rest of the text or whatever come out legible.

Actually, no. It comes out legible for every 9 letter word.

And there's a lot of those.

Also: when encrypting more data, you don't encrypt just the letters. You encrypt the spaces and punctuation too (requires 92 encrypt-able characters, IIRC*). Add in an additional number of standard (but not on the keyboard) characters and you get 114.** Bump that up to 128 and you can encrypt any stream of data, parsed into 7 bits each, though likely you'd hop up to 8 bits so each encryption character is a nice even byte in size.

*26 letters *2 + 10 numbers = 62.
+10 number-key symbols = 72
11 additional dual-symbol keys * 2 = 22
72 + 22 = 94.

So close. Off by 2.

**Basing this number off Flash's embed font option. Upper, lower, number, and symbol total to 114 characters.

[Bira]

I figure that the prevalence of "easy" wireless connections applies more to the day-to-day lives of people in the Sixth World than to the hypothetical ultra-secure facility we all like to use in our examples. That place is certainly not going to bother with wireless connections for anything that doesn't absolutely require it. If all the camera feeds go into a central server, which is itself behind a RF-inhibiting barrier, then of course they're connected to it by hard lines rather than wi-fi.

The cutting edge in security doesn't have to be old-fashioned, centrally controlled CCTV cameras, though. You could also have a place liberally sprinkled with tiny sensors of varied types linked into a mesh network with all the drones and guards patrolling the area, protected by a dramatically appropriate level of encryption (see my first post here). It's all behind its own RF barrier, of course, so you have to get into the sensors' range before you can hack them. There isn't a single place you can hack to take control of the whole network, either, which would be the case with the camera server.

Pervasive wireless networking opens up new applications, but the people that design security systems aren't going to use it for those applications where wired networks are obviously better. That's plain common sense, IMHO. The game does give you some chances to shoot yourself in the foot when it comes to wireless security, but it doesn't mean everyone will jump at those (IMG:style_emoticons/default/smile.gif) .