Make a decrypt+response (encryption rating *2, 1 combat turn) extended test to break the encryption.
Now encrypt is a program that an agent can load.... (hacking program).
Bandwidth is 'near unlimited'
What if you hae a dedicated agent, that every combat turn, re-negotiations the encryption with the subscribed device and the uses a simple action to re-establish the connection (since it has a password).
A agent could keep three lines 'secure' (three IPs) each phase resetting one (simple action) then reestablishing connection.
With how SR works, 'its' actions occur between the intiative of other things, so other users wouldnt be effected (unless doing something that spans phases).
somebody trying to spoof the signal first needs to decrypt (the current encryption). Decrypt takes a combat turn, every combat turn the encryption is reset.... Poor evesdropper never gets the 'current code' to actually spoof to actually get in.
Now there is constant chatter which isnt going to be 'quiet' but it aint getting hacked even with the best hacker around.
Full Version: Stronger (canon?) Encryption
Unbreakable encryption: Undesired
Multiple encryptions: Undesired
Multiple encryptions: Undesired
It's possible, but if it renegotiate the encryption, he has to send the new encryption key to the device. It means that if a hacker decrypts one of the encryption, he gets the key of the next message, decrypts it, and gets the key of the next message, and so on.
A way to do it would be to store keys in both devices before sending anything (you get one-time pads, can't be decrypted if used as should be).
As for unbreakable encryption being undesired, I don't really agree. I think there a different kinds of encryptions :
* encryptions that slow down the hacker (breakable in some combat turns)
* encryptions that lead to a search of the code (should be unbreakable)
* encryptions that add some tension (breakable in several minutes/hours)
* encryptions that should not be easily broken (online banking data, if you want a consistent universe)
A way to do it would be to store keys in both devices before sending anything (you get one-time pads, can't be decrypted if used as should be).
As for unbreakable encryption being undesired, I don't really agree. I think there a different kinds of encryptions :
* encryptions that slow down the hacker (breakable in some combat turns)
* encryptions that lead to a search of the code (should be unbreakable)
* encryptions that add some tension (breakable in several minutes/hours)
* encryptions that should not be easily broken (online banking data, if you want a consistent universe)
well I think that there should be two different kinds of encryption.
Short term encryption and long term encryption. Short term encryption would occur in communications that are less complex but changing constantly. Long term encryption would be things over the matrix that people would expect someone to intercept and attempt to decrypt. The short term is much less complex but changes so it is not a matter of once you have decrypted it you have it all.
Resolve short term encryption as a threshold based on the encryption rating. If you have the decrypt at a higher level it can negate the encrypt. At the same level or lower you would have to take an action each turn to lower the encryption with a roll. It would basically eat up some of your time. Maybe include a rule in there so if your decrypt is too low compared to the encrypt then you can't decrypt it depending on how you see it.
Resolve long term encryption as a combination of threshold and an extended test. Use the encrypt rating as a threshold for all the tests AND multiply it by some number (or square or cube it) and treat THAT as the extended test target. That way only people with a certain level of ability and the right decryption equipment can even attempt to do it.
Short term encryption and long term encryption. Short term encryption would occur in communications that are less complex but changing constantly. Long term encryption would be things over the matrix that people would expect someone to intercept and attempt to decrypt. The short term is much less complex but changes so it is not a matter of once you have decrypted it you have it all.
Resolve short term encryption as a threshold based on the encryption rating. If you have the decrypt at a higher level it can negate the encrypt. At the same level or lower you would have to take an action each turn to lower the encryption with a roll. It would basically eat up some of your time. Maybe include a rule in there so if your decrypt is too low compared to the encrypt then you can't decrypt it depending on how you see it.
Resolve long term encryption as a combination of threshold and an extended test. Use the encrypt rating as a threshold for all the tests AND multiply it by some number (or square or cube it) and treat THAT as the extended test target. That way only people with a certain level of ability and the right decryption equipment can even attempt to do it.
The catch is would this work 'by the rules'.
If you break the encryption of a file, device, or signal, you dont automatically know every file / device / signal that that person has ever encrypted.
So if every turn your (or the agent) re-encrypts something, then dosnt it effectively become un-dectryptable. (unless/untilll you can knock out the agent somehow).
If you decrypt my password file, so I change all my passwords (before you get on the systems to make a backdoor), and then -re-encrypt the new password file, you can just open it since 'you decrypted' my password file, since I have used a seperate action to 're-encrypt' it.
Now admitedly you are going to have to have a reasonably high level agent to run an strong level encryption, to make this work and for a very limited number of connections, but it would give you a limited very near impossible to get in real time access to the data channel.
Sure you could record and then decrypt the saved data stream (if it had something you wanted like video feeds, etc), but actually breaking into the live stream would be almost impossible (if not impossible).
If you break the encryption of a file, device, or signal, you dont automatically know every file / device / signal that that person has ever encrypted.
So if every turn your (or the agent) re-encrypts something, then dosnt it effectively become un-dectryptable. (unless/untilll you can knock out the agent somehow).
If you decrypt my password file, so I change all my passwords (before you get on the systems to make a backdoor), and then -re-encrypt the new password file, you can just open it since 'you decrypted' my password file, since I have used a seperate action to 're-encrypt' it.
Now admitedly you are going to have to have a reasonably high level agent to run an strong level encryption, to make this work and for a very limited number of connections, but it would give you a limited very near impossible to get in real time access to the data channel.
Sure you could record and then decrypt the saved data stream (if it had something you wanted like video feeds, etc), but actually breaking into the live stream would be almost impossible (if not impossible).
| QUOTE (Serbitar) |
| Unbreakable encryption: Undesired Multiple encryptions: Undesired |
Serbitar:
So by this logic, once somebody has compromised you, you are compromised for ever, for the rest of your existence?
this would work, by the rules, but it's easily bypassed by simply spoofing the agent to send you the password.
| QUOTE (laughingowl @ Dec 18 2006, 07:40 PM) | ||
Serbitar: So by this logic, once somebody has compromised you, you are compromised for ever, for the rest of your existence? |
There's no logic to interpret in that statement. Just a succinct synopsis or SR's game designer stance on encryption. It must be hackable and it can't take forever to resolve.
The FAQ simply suggest to increase the interval of the extended decryption test from 1 IP to 1 round, minute or whatever if you are unhappy with the speed of decryption.
That doesn't make cracking the code any more difficult but if your beef was essentially that communications can be decrypted almost in real time then it solves the issue elegantly.
| QUOTE (laughingowl) | ||
Serbitar: So by this logic, once somebody has compromised you, you are compromised for ever, for the rest of your existence? |
huh? what's one got to do with the other?
Of course beyond that is the simple fact that Megacorps are going to be using top of the line stuff. It clearly states that experimental and military grade programs, and equipment go beyind the normal max of 6. Not that it is an everyday occurence, but when you decide the players need to run into a tougher time, feel free to jack up what they are dealing with. Of course that only goes so far, but it helps.
From how I read the rules the spofin wouldnt work..
You have to make a Matrix Percetion test on the persona/agent to spoof them.
So unless you have hacked one of the commlinks, or decrypted the data stream, you cant spoof the agents involved.
The ways it is 'defated'
1) Enemy Hackers you locate signal and figure out where you are. Burst fire from auto-grenade launcher and problem sovled
2) Enemy Hackers work as team (be it hacker and agents or multiple hackers). One (or more) work in dectrpting signal, as long as they can dectrypt in one turn, they turn over code to another hacker/agent who hacks in.
Now they have to get this all done in one turn, but if they can do it in one turn they are golden (though have thrown alot of hacker talent at it)
You have to make a Matrix Percetion test on the persona/agent to spoof them.
So unless you have hacked one of the commlinks, or decrypted the data stream, you cant spoof the agents involved.
The ways it is 'defated'
1) Enemy Hackers you locate signal and figure out where you are. Burst fire from auto-grenade launcher and problem sovled
2) Enemy Hackers work as team (be it hacker and agents or multiple hackers). One (or more) work in dectrpting signal, as long as they can dectrypt in one turn, they turn over code to another hacker/agent who hacks in.
Now they have to get this all done in one turn, but if they can do it in one turn they are golden (though have thrown alot of hacker talent at it)
| QUOTE (Charon @ Dec 18 2006, 08:21 PM) |
| Just a succinct synopsis or SR's game designer stance on encryption. It must be hackable and it can't take forever to resolve. |
I'm sort of surprised the developers that don't that this same stance towards physical barriers. All walls much be hackable with common household tools inside of a few combat turns? After all, how else could anyone expect PCs to get through that 10 foot reinforced concrete wall other than them pulling out a knife and starting chipping?
Or would that strike even them as blatantly and obviously stupid?
| QUOTE (kzt @ Dec 19 2006, 01:34 AM) |
| I'm sort of surprised the developers that don't that this same stance towards physical barriers. All walls much be hackable with common household tools inside of a few combat turns? After all, how else could anyone expect PCs to get through that 10 foot reinforced concrete wall other than them pulling out a knife and starting chipping? Or would that strike even them as blatantly and obviously stupid? |
Bad analogy.
Hackers are an integral part of a runner team and need to be able to do their duties within the frame of a fast paced adventure.
Tunnel diggers on the other hand aren't so integral to the game.
This is a metagame issue in case you haven't noticed. Designers made it so that hackers can keep up with the rest of the groups.
kzt, the point is that there are ways around a 10 foot reinforced concrete wall - lots of them.
Airlift over them.
Climb over them.
Demolish them with an RPG-9.
Tunnel under them.
Bluff your way through a gate.
Shoot your way through a gate.
But for unencrypting files? There's only two ways to get that - either know the right password, or Decrypt it.
Airlift over them.
Climb over them.
Demolish them with an RPG-9.
Tunnel under them.
Bluff your way through a gate.
Shoot your way through a gate.
But for unencrypting files? There's only two ways to get that - either know the right password, or Decrypt it.
| QUOTE (ShadowDragon8685) |
| kzt, the point is that there are ways around a 10 foot reinforced concrete wall - lots of them. Airlift over them. Climb over them. Demolish them with an RPG-9. Tunnel under them. Bluff your way through a gate. Shoot your way through a gate. But for unencrypting files? There's only two ways to get that - either know the right password, or Decrypt it. |
When you get right down to it, you can either go around or through a wall. Not many options there, are there?
Just like a reinforced concrete wall there are lots of ways of dealing with encryption that make more sense than assuming it's a trivial obstacle that can be ignored.
Lets list some:
You steal/copy the key distribution media
You hack the system in question so it isn't encrypting
You coerce someone to give you the key
You con someone into giving you the key
You replace the keyboard (etc) with one that has a keylogger built in
You hack the system so that it gives you a copy of the key
You modify the hardware so it gives you the key
You break the trivial passwords that people typically use (a far different scale of attack than attacking the actual cryptosystem keyspace)
You send a drone in to watch them enter the key
You walk in invisibly and watch them enter the key
You tap the system before it encrypts or after it is decrypted
You find the key written under their desk calender (etc)
All of these have the advantage of making the players actually DO something actively towards accomplishing their goal, instead of it just being another pointless hoop to jump through that they can do on autopilot. And they typically have to take risks to do these, they can't do it from the safety of their secret underground lair in Antarctica.
| QUOTE |
| You steal/copy the key distribution media |
Sure. If you could pull off a meat stunt like this, I don't think that you'd be bothering with a datasteal.
| QUOTE |
| You hack the system in question so it isn't encrypting |
Nice try, but not how it works. FILES are encrypted, the SYSTEM may or may not be, but even if it's not, the files are.
| QUOTE |
| You coerce someone to give you the key You con someone into giving you the key |
Possible in the Sixth World, but almost as risky as just swiping the hardware. And you're assuming that the "Key" is an actual password, and not something more esoteric and difficult to spoof - verifiable biometric data, a secure RFID chip implanted in someone's head, or something else.
| QUOTE |
| You replace the keyboard (etc) with one that has a keylogger built in |
For Shadowrun: 2007, this would work. For Shadowrun: 2070, forget about it. Most people probably don't even have a keyboard, let alone enter secure data on them that can be had by shoulder-surfing or a keylogger. And of course, there's nothing to say that the encryption itself dosen't have a one-time pad system as it's decoder. With SR4 file sizes being almost nonexistant compared to storage, you could pack a ridiculous number of years' one-time pads into a file.
| QUOTE |
| You hack the system so that it gives you a copy of the key |
Again, you assume that the system even understands what the unencrypted key is. If this is a more common file, with keys distributed on demand, it would be in theory possible - for anything more secure, forget it.
| QUOTE |
| You modify the hardware so it gives you the key |
If you have the hardware in your clutches, there's no need for you to decrypt a single qu-bit. Just hand it over to Mr. J, who takes it back to his R&D and they use an UltraMegaHuge Processing Machine to brute-force it.
| QUOTE |
| You break the trivial passwords that people typically use (a far different scale of attack than attacking the actual cryptosystem keyspace) |
Password? Again, see above - I don't think anyone actually uses passwords anymore.
| QUOTE |
| You send a drone in to watch them enter the key |
See the keylogger entry. Plus, people would notice a drone.
| QUOTE |
| You walk in invisibly and watch them enter the key |
Sure, you waltz right in past astral security and engage in some shoulder-surfing - only to find out that the "key" is a biometric or something even more esoteric.
| QUOTE |
| You tap the system before it encrypts or after it is decrypted |
And if you have this kind of hardware access, you've already mastered the system, thus rendering encryption trivial.
| QUOTE |
| You find the key written under their desk calender (etc) |
Highly unlikely.
i think easily-defeated encryption is a viable design choice. the basic question is, do you want players of hackers to have to actually hack, or do you want players of hackers to treat it like magic?
if you make encryption realistic, players of hackers have to actually hack. every time they want to do something, they--the player--has to figure out some sort of loophole or flaw that allows them to bypass the encryption. maybe they have the adept sneak in and find the password some sarariman wrote down on a stickynote at his desk. maybe there's a certain workstation that never got upgraded, or a router that traffics the data before it gets encrypted.
now, personally, i think that sounds fun as hell. but, honestly? mages don't have to do that. they don't have to figure out the magic words that will convert mana into a bolt of electricity. street sams don't have to calculate the angle at which they'd need to hold their weapon in order to hit the guy on the roof over there. in every other situation in the game, the basic function a character fulfills--summoning spirits, shooting people, blasting spells out, punching faces, whatever--is handled by (ideally) well-defined interactions between dice and target numbers.
the decision to not make hacker players the odd man out, to not require them to actually know something about the fictional role their character fills in order to do their in-game job, is perfectly okay.
if you make encryption realistic, players of hackers have to actually hack. every time they want to do something, they--the player--has to figure out some sort of loophole or flaw that allows them to bypass the encryption. maybe they have the adept sneak in and find the password some sarariman wrote down on a stickynote at his desk. maybe there's a certain workstation that never got upgraded, or a router that traffics the data before it gets encrypted.
now, personally, i think that sounds fun as hell. but, honestly? mages don't have to do that. they don't have to figure out the magic words that will convert mana into a bolt of electricity. street sams don't have to calculate the angle at which they'd need to hold their weapon in order to hit the guy on the roof over there. in every other situation in the game, the basic function a character fulfills--summoning spirits, shooting people, blasting spells out, punching faces, whatever--is handled by (ideally) well-defined interactions between dice and target numbers.
the decision to not make hacker players the odd man out, to not require them to actually know something about the fictional role their character fills in order to do their in-game job, is perfectly okay.
| QUOTE (mfb) |
| i think easily-defeated encryption is a viable design choice. |
So, out of curiosity, how do financial institutions ensure the integrity of online monetary transactions in your games?
| QUOTE (RunnerPaul) | ||
So, out of curiosity, how do financial institutions ensure the integrity of online monetary transactions in your games? |
My way is that I ignore things like that because I know that I'm playing a game, and that in order for one type of character to be viable at all, there might be a few discrete concepts that you have to accept as they are.
So banks have secure transactions and the world doesn't collapse, because if they didn't and the world collapsed I wouldn't have a game to play.
(I know some people don't like this approach, but it works for me. For me, it's not worth the extra headache and testing that would be required in order to rework the system so that everyone <read: hackers and banks> worked on the same system.)
well, in my games, i play SR3. so i can toss rating 14 encryption on things, if it ever comes up. breakable, but not in enough time to be useful. why doesn't everyone use rating 14 encryption on important stuff? 'cos.
| QUOTE (mfb @ Dec 19 2006, 07:07 PM) |
| so i can toss rating 14 encryption on things, if it ever comes up. breakable, but not in enough time to be useful. |
Two words: Simple Action.
Data-Encryption is a joke in SR3 if you use a deck.
You mean broadcast encryption? It's limited to 10 - but that is close to unbreakable... as it uses completly different rules.
there aren't that many people running around with a rating 7+ decrypt program and enough skill to crack rating 14 encryption in a single simple action. most of the time, they'll have to make several attempts. i suppose if it actually became a problem, i could just up it to rating 20.
| QUOTE (mfb) |
| there aren't that many people running around with a rating 7+ decrypt program and enough skill to crack rating 14 encryption in a single simple action. |
Indeed, rating 7 would be low-end for a PC decker... even the the generic decker connection runs programs up to rating 8.
| QUOTE (mfb) |
| most of the time, they'll have to make several attempts. |
You mean like, some actions against one? Big difference... it still takes longer to download a file than to crack it.
| QUOTE (mfb) |
| i suppose if it actually became a problem, i could just up it to rating 20. |
It still needs just one success, so it's no big deal.
Just in case you still haven't notice: No such this like a strong canon data encryption in SR.
| QUOTE (Rotbart van Dainig) |
| Just in case you still haven't notice: No such this like a strong canon data encryption in SR. |
OMG! All sudden you english is weird! wtf!?
| QUOTE (Rotbart van Dainig) |
| It still needs just one success, so it's no big deal. |
as i recall, it's an opposed test like any other on the Matrix. Access subsystem, i think. as for rating 8 programs, yes, they're for sale--for hundreds of thousands of dollars. a PC decker can cook up his own, of course, but a PC decker is easy enough to leash. NPC deckers are what i'm mainly concerned with, and it's pretty simple to say that NPC deckers generally lack access to high-rated programs.
and, yeah, strong data encryption in SR3 is hard to come by. a determined PC can always overcome it (at least, all of my deckers have). one of SR3's many, many shortcomings.
| QUOTE (mfb) |
| as i recall, it's an opposed test like any other on the Matrix. |
True, if it's stored on a system - if it's stored on a chip, on the other hand, it isn't.
And strong encryption should be able to protect stored data.
true. but, like i said, it's a design choice. encryption, in SR, is little more than a speedbump.
| QUOTE (Moon-Hawk) | ||
OMG! All sudden you english is weird! wtf!? |
Coffee pointers are assembling my brain! ..uh.
| QUOTE (Rotbart van Dainig) | ||||
Coffee pointers are assembling my brain! ..uh. |
Hahaha! Okay, you win; you made me LOL at work.
| QUOTE (eidolon) |
| So banks have secure transactions and the world doesn't collapse, because if they didn't and the world collapsed I wouldn't have a game to play. (I know some people don't like this approach, but it works for me. For me, it's not worth the extra headache and testing that would be required in order to rework the system so that everyone <read: hackers and banks> worked on the same system.) |
I'm glad it works for you, but for my table, we've found that excessive use of plot armor leads to suspension-of-disbelief problems.
| QUOTE (eidolon) |
| My way is that I ignore things like that because I know that I'm playing a game, and that in order for one type of character to be viable at all, there might be a few discrete concepts that you have to accept as they are. So banks have secure transactions and the world doesn't collapse, because if they didn't and the world collapsed I wouldn't have a game to play. |
So you realize it's essential to the game world that that there exist unbreakable encryption, but you'd find it too complex to run a game where you and the players had to actually plan how to defeat it? Whatever.
I've never understood why people liked to play FPS games in god mode either . . . .
"whatever"? whatever your whatever. hacking as a video game-like activity is fun. hacking as a time-consuming, highly-complex activity that requires the entire team's cooperation every single time you plug into the Matrix is... well, like i said, it sounds fun to me, but it's a different kind of fun.
SR4 isn't for you, loser.
| QUOTE (kzt) | ||
You steal/copy the key distribution media
|
Just because you have the physical media it doesn't mean you can read it. And if you are talking about absurdities like one-time-pads you have to be shipping a huge volume of crap around, as the pad must be larger than the largest file.
| QUOTE (kzt) | ||
You hack the system in question so it isn't encrypting
|
What does the actual decryption? Isn't it software on their system? I typically find that replacing their working encryption program with a non-working encryption program does a pretty good job. Do you think that the any user actually goes and looks with a hex editor to see if it's really encrypted? And I also get the key at the same time. Isn't open source wonderful?
| QUOTE (ShadowDragon8685) |
| And you're assuming that the "Key" is an actual password, and not something more esoteric and difficult to spoof - verifiable biometric data, a secure RFID chip implanted in someone's head, or something else. |
Cryptography is a mathematical process and relies on numbers to do the encryption. The key that does the decryption is going to be a number, even if it's represented as something else.
| QUOTE (kzt) | ||
You replace the keyboard (etc) with one that has a keylogger built in.
|
How do they enter that file password then? It can't be stored on the system and entered automatically, or it wouldn't be an issue as the hacker would get it decrypted automatically. So the actual user needs to be entering this in some fashion, right? How?
| QUOTE (ShadowDragon8685) |
| And of course, there's nothing to say that the encryption itself dosen't have a one-time pad system as it's decoder. With SR4 file sizes being almost nonexistant compared to storage, you could pack a ridiculous number of years' one-time pads into a file. |
Don't be absurd. This makes a simple and completely secure process into a three stooges movie. How would you distribute your huge number of giant pads? Email? Where would you store it? On-line? You can't encrypt it with a one time pad because the pad has to be larger than all the data, so it just gives you a bigger problem. Why isn't a 512 bit cypher system that will take to the heat death of the universe to crack secure enough for you?
| QUOTE (kzt) | ||
You hack the system so that it gives you a copy of the key.
|
If keys are distributed on demand, then why does a hacker who broke into a legitimate users account need to worry about encryption? The system will just use the key, just like it would for the authorized user, and hand him the decrypted file.
That's why you need to store the keys off-line. So only the people who have the key can enter it. Which means they have to have memorized it (how many random 64 byte strings can you remember without writing them down or storing them somewhere?) or have on some accessible media. Or use an easily remembered key, like the always popular "Password1". This is also part of why doing really securely encrypted systems is a huge and expensive pain. They get in your way, because that is what they are supposed to do. People don't like systems that get in their way.
Oh well, this grows boring.
| QUOTE (kzt @ Dec 19 2006, 06:33 PM) | ||
So you realize it's essential to the game world that that there exist unbreakable encryption, but you'd find it too complex to run a game where you and the players had to actually plan how to defeat it? Whatever. I've never understood why people liked to play FPS games in god mode either . . . . |
Nope.
If the runners are going up against a bank, I look up (or roll up) an appropriate host for the run, and they work to defeat it. (Keep in mind I play SR3, although I strongly suspect that my methodology would remain much the same if I were playing SR4.)
When the players aren't going up against a bank, what does it matter how the bank ensures secure transactions?
In other words, unless the players interact with a particular aspect of the game world, it just "is". Nothing that the players don't interact with is "essential", because it's a role playing game, and RPGs focus on player characters.
And when I do find an FPS that isn't so hackneyed and boring that I can stand to play it, I enjoy it with and without god mode turned on, depending on the mood I'm in.
I must just be an enigma.
| QUOTE (SL James) |
| SR4 isn't for you, loser. |
Knock off the personal attacks.
This must be the third time I've posted this in as many days, so I know it's not a secret.
haha, just so it's clear, that wasn't a personal attack on me. that was SL James being funny.
Well then consider it redacted in this case. Use a winky damn you!
| QUOTE (eidolon) | ||
Knock off the personal attacks. This must be the third time I've posted this in as many days, so I know it's not a secret. |
RAWR MODERATOR SMASH SARCASM RAAAAWR!!!
don'tkillme (there would be more winkies, but the board won't let me.)
Well, considering the source of the sarcasm...
Hehe.
Anyway, regarding encryption. I agree that realistic encryption is not fun. Encryption should be relatively easy to break, because otherwise hackers are not fun. Fun is important, here, I think. My problem with encryption isn't that it's too easy (exactly), or anything like that. Limiting rolls on an extended test can cause a failure to decrypt. My only problem is that there is no middle ground. All encryption is either broken in a few seconds, or not at all. And maybe that is the way it should be, in that there is either some known exploit or they used Password1 and it's broken almost immediately, or there isn't and it'll take a bajillion years to brute force. But I don't care, 'cause I think it would be more fun if there was some possible way for a hacker to occasionally actually have to work at encryption before getting it.
Anyway, regarding encryption. I agree that realistic encryption is not fun. Encryption should be relatively easy to break, because otherwise hackers are not fun. Fun is important, here, I think.
My problem with encryption isn't that it's too easy (exactly), or anything like that. Limiting rolls on an extended test can cause a failure to decrypt. My only problem is that there is no middle ground. All encryption is either broken in a few seconds, or not at all. And maybe that is the way it should be, in that there is either some known exploit or they used Password1 and it's broken almost immediately, or there isn't and it'll take a bajillion years to brute force. But I don't care, 'cause I think it would be more fun if there was some possible way for a hacker to occasionally actually have to work at encryption before getting it.
| QUOTE (eidolon @ Dec 20 2006, 08:40 AM) |
| Well then consider it redacted in this case. Use a winky damn you! |
I don't believe in emoticons. They're the worst thing the internet ever created (well, maybe them and "meh") because a couple of punctuation points can serve as a cop-out. "Oh, just kidding."
Yeah. Right.
Some of us are kidding sometimes.
Announcing that something is sarcasm defeats the purpose of it being sarcasm.
But anyway, about encryption. I've never been a fan of the fact that it can be so easily broken (House of the Sun, IIRC, goes into how 72-bit PGP was the shit in the early nineties, but cyberdecks had enough processing power to crack it like drywall). It makes everything else (e.g., banking encryption) look ridiculous. Unless traffic is also escorted by heavy-duty IC (since encryption is so easily broken), then there's really no way to answer the question "why don't deckers just rob banks?" logically.
But anyway, about encryption. I've never been a fan of the fact that it can be so easily broken (House of the Sun, IIRC, goes into how 72-bit PGP was the shit in the early nineties, but cyberdecks had enough processing power to crack it like drywall). It makes everything else (e.g., banking encryption) look ridiculous. Unless traffic is also escorted by heavy-duty IC (since encryption is so easily broken), then there's really no way to answer the question "why don't deckers just rob banks?" logically.
| QUOTE (SL James) |
| Unless traffic is also escorted by heavy-duty IC (since encryption is so easily broken), then there's really no way to answer the question "why don't deckers just rob banks?" logically. |
Sure you could have IC shepherding financial transaction data from Point A to Point B, and that'd be a rather tidy way of protecting it.
Until, of course, you factor in the ubiquitous use of wireless in 2070. When the IC hops from one node to another over a wireless link, it's just another data transmission. Right now, we only have two means of protecting a wireless data transmission from tampering: Encryption, and Data Bombs. Even when used together, they're not enough, IMO.
Now if we had a databomb that could load the protecting Agent on a node that's attempting crack the encryption on the intercepted wireless datastream, instead of just inflicting boxes of damage, then we might have something.
| QUOTE (SL James) |
| ...then there's really no way to answer the question "why don't deckers just rob banks?" logically. |
thing is, encryption's not the only way to protect a transaction. i mean, it should probably be assumed that credstick readers are slave nodes on powerful security hosts. and by powerful, i mean oh god. i've run the most powerful decker i know of through that system. he fled with his pants on fire after like 3 rounds.
Oh, God. It burns!
some of it doesn't really work. for instance, i've got constructs composed of identical IC, which is basically useless. still, that won't be a problem until someone actually manages to survive long enough to trigger them. all in all, though, it's pretty nasty. my favorite is the infinite hydra of black IC trapped with a cluster of two more black IC programs.
| QUOTE (mfb) |
| thing is, encryption's not the only way to protect a transaction. i mean, it should probably be assumed that credstick readers are slave nodes on powerful security hosts. |
And powerful hosts protect a wireless transmission from tampering how?
what is this "wireless" you speak of? i know no wireless! inch-thick cables all the way!
seriously, though. i was discussing SR3 stuff because some sneaky bastard brought it up. explainorating SR4 isn't my bidness.
seriously, though. i was discussing SR3 stuff because some sneaky bastard brought it up. explainorating SR4 isn't my bidness.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.