Encryption: How does it work? Options

[Eyeless Blond]

So far I've seen at least four different rules for ways to encrypt and decrypt things, starting with the rather useless one on sr3 p.292-293 to the much harder to crach--and, paradoxically, lighter and cheaper--units used in R3. Which ones can you use for which situations, and what's the best, in general, to use for keping runners in contact with each other?

[Frag-o Delux]

The ones in SR3 are for normal comm gear, the ones in R3 are for networks. They are not compatible. Well I am pretty sure they are not, we just had a discussion about them in the rigger thread.

[mfb]

i love how the entire concept of networking apparently got lost in the crash. i should have one of my characters start a major corporate war by inventing the goddamn token ring.

SR's encryption rules are completely spastic. the only possible way to partially explain it is that someone found a mathematical shortcut that allows you to solve incredibly complex equations involving prime numbers a couple million times more quickly than today's math can (this is theoretically possible; there's a pair of twins in the UK--i think it's the UK--that spend their spare time trading insanely large prime numbers; obviously, some sort of shortcut to generating such large primes exists). even then, it should be a relatively simple matter to just generate higher levels of encryption, and make such a shortcut obsolete.

furthermore, there's absolutely no reason why something that decrypts rigger network encryption should be unable to decrypt regular radio traffic--it's all the same goddamn thing. rigger networks simply transmit a lot more data.

with that rant out of the way, your best bet is probably figuring out a way to run it through the rigger's RCD.

[Moon-Hawk]

[CardboardArmor]

[Lilt]

Actually encryption isn't all that hard to break, you just need to use something as powerful as the human brain. I once heard that if you convert data encrypted with RSA encryption into sound (I don't think it was a direct wav translation) then a trained expert can figure-out the prime numbers involved in some ridiculously small period of time (15 minutes or something) just working by ear.

Of-course this is hearsay and I've never done it myself.

[John Campbell]

[Moon-Hawk]

I know, I'm on distributed.net.
My point was that increasing processing power is obviously not the solution since SR processing power is extremely increased and yet...y'know what? Nevermind. I've read my post, and my point was extremely poorly made. From the looks of it, I forgot my point halfway through writing it. I fold.

[bahwi]

Remember, a lot of the comm gear as well as other gear has the encryption routines and the DRM built into the device. Buying something with decryption IMO is a hacked-up version of a radio or whatever, and then it only sometimes will work if it can break the key. A lot of this stuff is built in, not just software based as it is now in our time. (And yes, DRM is coming, and hard-wired encryption is too, and when it is here and too complex for people to make in their spare time ---> SEE DishTV and DirectTV, you have to copy a H card or other type of card to pirate it, or get it legally. No one has yet re-created this software wise, even though it is broadcast all over the US and SkyTV(I think) is broadcast all over england and beyond!). So that is an idea of what is to come. Yes, the encryption and decryption rules are simplified for game play, but I think that applying todays concepts of software encryption would be incorrect as well. Use the coming soon to your motherboard, in your IPOD, Otis, and other MP3 players, etc.. DRM and the DishTV/DirectTV hardware-based card encryption that no one has cracked via software yet(AFAIK) to plot out more advanced rules if you think they are necessary.

If you do, post a link and PM it to me cuz I wouldn't mind them. It just isn't as big a concept in my game (yet) as it is for most others.

[Eyeless Blond]

The real problem is that a well-designed encryption algorithm isn't balanced in-game, so you have to figure out something that *is* balanced and work with that, much like the rules for all of decking. As you guys have said, currently on the market are many free or very cheap encryption methods that are impossible to break by anything short of either exponentially more computing power or a complicated man-in-the-middle attack, which pretty much means that the spy has no chance of decrypting something that an encrypter really sets his mind to hiding. In addition, there is a certain type of encryption called a one-time pad that is provably unbreakable, with the complication that the secret key must be at least the same size as the data being transmitted.

On the flip side, I expect that quantum computing will become viable in personal systems by then (thus the reason programs and processors alike are encoded on optical chips), and that pretty much changes all the known rules of what is calulable in polynomial time. There are already mathematicians working on writing programs for this kind of computer, and the results are frankly amazing. I've heard one grad student wrote a program that can factor a number in polynomial time, which would basically make all current reasonable forms of encryption obsolete.

[Moon-Hawk]

[mfb]

cardboard, i'd possibly allow that a regular radio network can't handle/decrypt a rigger network. however, a rigger network ought to be able to handle/decrypt a radio network, much the same way that a DVD player can play CDs.

[John Campbell]

We've discussed one-time pads here before on a couple of occasions, and generally seem to end up with opinions split between those that believe that introducing theoretically unbreakable encryption into Shadowrun would break the game, and those (including myself) that believe that the limitations within which OTPs have to be used to actually be unbreakable are sufficient to keep them from breaking the game, and, if used realistically, can actually add to the game by requiring more interesting methods of attack on certain bits of data than just having the decker spend ten minutes with a Decrypt program.

[mfb]

on quantum computing: i honestly don't see that happening, in SR. if it did, every VR system would be ultraviolet-rated, and the most powerful systems around would be about the size of your hand. implanted computers--smartlinks, tactical comps, etc.--would cost about 0.01 essence. quantum computing is disturbingly powerful.

[gknoy]

[mfb]

theoretically, it's possible to simulate any computing system with any other computing system. you could emulate a Cray with an abacus--which is about the comparison between modern computing and quantum computing. something that a quantum computer could calculate in seconds, a bank of our most powerful supercomputers would spend years on, if not decades or even millennia.

there ought to be a specialization of Computers and Electronics called Cryptography. acts as a complementary skill to crypto stuff.

[gknoy]

[nezumi]

Here's a thought (based off of the one mentioned earlier)...

Unlike now, no one offers their "free" encryption protocols. You have to pay to get a black box of DES or what not, everything is carefully kept black box and carefully guarded. The corps realize how valuable data is and all that. So the rating 4+ encryption algorithms, despite being pretty basic (and perhaps a level 8 is just two level 4's tied together), is sold at an unnaturally high price. Level 3 and below are those made by random people who aren't quite as sure what they're doing, and do have more vulnerabilities/are more simplistic. The decryption algorithms then is your data search. It identifies the algorithm (this is usually stated in the handshake to begin with, so its not secret), then searches for known vulnerabilities.

[Wireknight]

The only real problem with this is the fact that there are two(three, if we subdivide the first) sources of encryption technology. The first is private individuals(freelancers/open-sourcers and corporations being a good subdivision to make), the second is where the aforementioned likely came from, i.e. the halls of academia.

Encryption algorithms developed as part of theoretical mathematics research would be published in journals. Individuals who wrote encryption would likely be willing to release their cryptographic protocols publically and for free(see PGP). No one releasing anything they develop, in the future, is like saying people won't ever program or develop theories, except under the direct supervision and oversight of a corporation.

If there are no independent algorithmic thinkers and actors in the future, it makes Shadowrun a pretty boring place to be a technophile.

[hobgoblin]

unless your on a corps payrole. the problem with any type of encryption is that its a gamebreaker for the pure techie most often, it basicly makes all your hard work useless unless you can get hold of the key. and getting the key is a effort in physical detective work more often then computer work, therefor breaking with one of the pillars of classical cyberpunk (i know neuromancer was written by someone that didnt know what a computer was or how it worked). if you want a more realistic look at computer security then take a look at blue planet.

[gknoy]

Except, the world of encryption is the opposite of the resty of the world, when it comes to wanting secrecy. Secret algorithms are almost always weaker. The only way algorithms can be proven to be secure is by peer review, and cryptanalysis by many others. (Many people WANT secret algprithms, and there are a lot out there, but there's no proof that they are any good.)

I could make up my own algorithm right now, and call it CrytoTwiddle, and market it as usable for the latest secure communications protocol; but I am not omniscient enough (indeed, NO ONE is) to know that it is secure on all fronts: key management, transfer, generation, is there any repeated plaintext or anything that makes an implementation of an algorithm weaker? These are the sorts of questions that cryptanalysts look at, in addition to the math behind the base algorithm.

Even a corporate-sponsored research lab, I believe, would have a hard time coming up with an encryption method that was secure enough. "Security through obscurity" simply means that no one knows how it's done -- and thus can't duplicate / break it; however, this is totally insecure: there is no such thing as real security through obscurity. Once any person knows how it works, and publishes (such as to Shadowlands), you're screwed. :)

I imagine that the largest communities of encryption experts are actually active on Shadowlands, or perhaps in a think-tank sponsored by many corporations (and employing MANY researchers - like a conglomerate multi-lab :)). It's the only way to get the sort of peer review needed to ensure that somethign is _secure_, as opposed to "not broken YET".

This post has been edited by gknoy: Apr 9 2004, 07:37 PM

[Rev]

Heh yea that is sort of funny, the idea that encryption would be game breaking because decking would be impossible. Isn't it nice to know that computer hacking in the real world is impossible because of encryption? :spin:

It would just be a bit different, and there would probably be more RP and on site stealing needed for a decker to get anything done. Maybe the rest of the team's job would just be to hook the deckers dongle onto a computer inside the corp hq and get a pass phrase from some employee. The matrix combat stuff already has absolutely no attatchment to any conceivable reality, so nothing about it needs to change unless you want to make the system realistic (meaning pretty much requiring an obsessive personality due to the slow tedium of it and making most of it a technical procedure rather than a combat one).

A few, imho really irritating, elements would be gone from the game. Encrypted radio com would be easy and unbreakable. No more drone control contests. You could still do electronic warfare to disrupt communication, but you would not be able to take over another persons drone with a simple die roll.

[hobgoblin]

heh, takeing over a drone with a simple die roll. thats the player talking, not the char. the char would be fakeing signal packages so that the drone thinks its talking to the boss when told to to redo the handshake routine and hook up to a new datastream.

i find the idea of unbreakable encryption more irritating then the ability to listen in on radio traffic or takeing over control of a drone. if someone can take over control of a drone then so can the original owner. if the runners can get into the radio traffic of the secuirty then so can the security do to the runners. anything in sr is a doubleedge sword. sure unbreakable encryption makes the game easyer for the gm but it allso makes it less fun for the players as it removes ways for them to avoid being railroaded by the gm.

[mfb]

well, yes, unbreakable encryption does limit the players' options--but if it hadn't been offered as an option in the first place, no one would complain. nobody complains about gravity, either.

[hobgoblin]

LOL :)
thats one way to look at it :)