Full Version: Answers about encrypting a node/device
In this thread, I asked about what encrypting a node or device means, and no one seemed to have a clear answer. So I emailed the shadowrun info address, and I got a good explanation from Rob Boyle, and he said he wouldn't mind if I posted it here.

The quick summary:

Encrypting a device or node means encrypting all of the data in that node, as a layer on top of any encryption that may be done on individual files. The node to be encrypted needs to run the Encrypt program, and you can use a node while it's encrypted. They're planning to expand on encryption quite a bit in Unwired, though.

Here's the full email conversation, reformatted to be readable and with some stuff not directly related to the question trimmed out.
    What does it mean to encrypt a node or device?

    I understand how encrypting data or traffic works in SR4, but I can't find anything that describes what the effects of encrypting a node are. I've asked on the dumpshock forums, and no one there seems to have a clear idea, either.
QUOTE (Rob Boyle)
It's like encrypting a hard drive with PGP or a similar RL encryption program. If you don't have the encryption key, all of the data on the device is scrambled. Another example would be an encrypted thumb drive.

    Just to make sure I'm understanding you correctly:

    Say a Johnson has encrypted his commlink with Encrypt 4.

    Hacker Twitch hacks into the commlink and then discovers that everything is encrypted. Without decrypting, Twitch could try to crash the commlink's OS, or he could connect to another device that's subscribed to the commlink, like the Johnson's cybereyes.

    However, the encryption would prevent Twitch from reading or editing any data on the commlink, like examining the Johnson's call logs or trying to create a backdoor admin account. Before he could take actions like that, he'd have to complete a Decrypt action on the node. After Twitch decrypts the node, he may find files on the commlink that have their own encryption, and he'd have to Decrypt those separately.

QUOTE (Rob Boyle)

    Could the Johnson use his commlink in its encrypted state, or would he have to decrypt it whenever he's online (meaning that devices would only be encrypted when they're not in use)?

QUOTE (Rob Boyle)
Yes, he could use it while it's encrypted. I say this because some modern disk encryption programs allow you to do this -- the user provides the decryption key, but all of the files remain encrypted until he accesses them, in which case those specific files are decrypted on-the-fly. It takes up some extra processing power and time, but presumably this is no barrier to 2070s electronics.

    Where does the Encrypt program have to run for this to work?

    Say Twitch has a commlink with Response, System, and Encrypt 5. He connects to his buddy Lug's commlink, which has Response/System 3, and wants to encrypt it for him. Can he encrypt it at rating 5 and still let Lug use his commlink in that state? Or would Lug's commlink have to run the Encrypt program to maintain the encryption (limiting it to rating 3 and possibly counting as a running program on that node)?

QUOTE (Rob Boyle)
For simplicity, and also security reasons, I would say the program has to be running on the device. If it's being run from another device, you run into all sorts of potential problems with communication lags, you're potentially screwed if communication is cut off (if Lug loses his connection to Twitch, he can't access his own commlink), and it's a security risk to be transmitting authentication keys and the like back and forth where they can be intercepted.

    Finally, would you mind if I post your responses from these emails to the dumpshock forums? I think people would find them helpful.

QUOTE (Rob Boyle)
Sure, go ahead. Please note that we plan to expand on encryption options quite a bit in Unwired.

(Side note/example: encryption could be tied to accounts, so that an authorized user automatically has access to an encrypted device. So a hacker who somehow obtains a legitimate passcode doesn't have to bother with decryption.)
Since the boss has come out and said it, I think there's no harm in confirming that we won't just be clarifying Encryption in Unwired but plans are to also provide expanded options. Neither take will contradict the basic rules, we'll just be expanding and adding depth to them. I think it's also likely there will be a Tweaking the Rules variant too for those unsatisfied with the basic setup.
Zen Shooter01
Will we be seeing easy to follow explanations like the one above in Unwired, too?
Nice :)

Has there been any clarification about encrypted connections anywhere?

And I would have been surprised if Unwired would not expand on any of the concepts and other stuff presented in SR4.
So, it's just a batch encryption of all files? I can live with that, since nothing in that precludes separately encrypting every single one of a node's communications links with the outside world, which was how I originally interpreted the concept of encrypting a node (as I posted in the original thread).

Keep in mind, not only would the official interpretation of encrypting a node impact reading and editing of files on the node, but it'd also effectively kill data search actions as well.

Strong work, mad props to you for posting this up.