I was thinking about hacking credsticks in relation to nash equilibrium. If I was a financial institution in 2070, I would include a cheap biometric scanner in every credstick and demand a hash of some sort of biometric identification before allowing purchases. Since cheap biometric scanners on a wireless credstick are far simpler for the user than modern swipe-and-PIN credit cards, users would have no problems with banks demanding the biometric hash be used to authenticate every purchase, even one as small and routine as a candy bar. Since the scanner and hash algorithm is on the credstick, the merchant wouldn't need to buy or bother with anything.
In order for a hacker to hack a user's credstick and clean out his bank account with purchases, the hacker would need to know two secrets: 1) he'd need to know the credstick/bank's hash algorithm (this could potentially be found by analyzing the credstick firmware) and 2) the hacker would need to know what biometric data the bank is expecting.
The second secret is impossible for a hacker to know without using a Mind Probe on the user or hacking into the bank's mainframe (effectively impossible). The bank could demand the user to pick any one of dozens of easily scannable and non-intrusive biometric data. Any credstick can easily and cheaply check fingerprints and voice ID. If you assume the credstick includes a skinlink, it may require a user's brainscan ID and specific mental command. If you assume that a relatively inexpensive biomonitor is included in a high-value account holder's credstick, the credstick could check any one of a number of blood chemistry levels and DNA markers.
The security rating of the credstick is irrelevant. As each credstick can check for all those biometrics, there's no way for a hacker to know which one the bank is expecting from the credstick. Since the data is hashed before transmission, there's no way for the hacker to guess which fingerprint or what brainwave signature the scanner is looking for.
The biometric scanner on the credstick accomplishes two things for the GM. 1) it makes it impossible for players to make a living mugging people (and makes them go on shadowrun adventures instead) and 2) its a perfect way to force everyone in your world to wear datajacks or trodenets if all credsticks require a brainscan command hash as their authentication scheme. This renders the "naked brain hacking" argument moot, because with this single killer app there won't be many naked brains in the civilized world.
Cool, huh?
Full Version: Hacking credsticks
Aside from certified credsticks, whose reasons for existence are convenience and anonymity, all financial data is supposedly already stored on a users commlink.
| QUOTE (SR4 BBB) |
| Since the Matrix went wireless, however, all of this information was transferred to the commlink, and credsticks only survive as certified but relatively anonymous means of payment. <snip> The commlink is also used to keep track of an individual’s bank accounts. To spend cred, you subscribe to your bank’s online network and authorize transactions or simply authorize automatic deductions in appropriate situations. Biometric Reader: For access-control to online accounts or certain devices, the proper biometric scan must be provided. |
By the book, the banks and other online account providers already use biometric security to secure accounts - if you go back to the older editions they tell you the verification types [password/print/DNA/etc.] for the types of the differing credsticks/accounts.
Questions/Comments
1. Why move financial data back to credsticks when that data has already been moved to the commlink itself?
2. Do certified credsticks still exist in your setup? If they do - naked brains can still exist, if they don't TPTB will have it that much easier when tracking down runners.
Yes normal people use commlinks for transactions, I thought it was implicit, but feel free to substitute the words "commlink" for "credstick" in my post.
My clarification adds two things not mentioned in the book. The book and resulting discussion made a big deal about the security rating of the credstick. I'm saying the security rating is irrelevant. Adding a hash to the biometric data transmittion and allowing the user to choose a wide variety of possible biometric scans on every commlink/credstick makes hacking the credstick/commlink irrelevant because the hacker could never know what biometric data is being collected without Mind Probing the user or secretly installing a "keylogger" on the device and later gleaning the user's biometric authentication scheme from that intelligence. You can never mug a guy and get access to his accounts, whether the accounts are legit or anonymous credstick accounts.
My clarification adds two things not mentioned in the book. The book and resulting discussion made a big deal about the security rating of the credstick. I'm saying the security rating is irrelevant. Adding a hash to the biometric data transmittion and allowing the user to choose a wide variety of possible biometric scans on every commlink/credstick makes hacking the credstick/commlink irrelevant because the hacker could never know what biometric data is being collected without Mind Probing the user or secretly installing a "keylogger" on the device and later gleaning the user's biometric authentication scheme from that intelligence. You can never mug a guy and get access to his accounts, whether the accounts are legit or anonymous credstick accounts.
I guess I should also point out (if you don't know much about cryptography), that a one-way hash is effectively impossible to crack, so it does not have an encryption rating. Even the bank doesn't know what the biometric data is that you sent. This means that it's also perfect as an authentication scheme for an anonymous account. That's what makes my system so secure, there's nothing that a hacker can crack that can give him access to those accounts.
All hash functions (with the exception of a perfect hash function) are vulnerable to collision and pre-image attacks.
The hash algorithm could be vulnerable the following ways:
Credstick firmware/bank software on commlink
Manufacturer of Credstick (are custom credsticks all the rage like phones are today?)
Generating hash collisions for a MD5 hash now takes under an hour and you can do it on a laptop, in addition the MD5 password encryption has been compromised to such an extent that the Project RainbowCrack pages are now widely known about.
The hash algorithm could be vulnerable the following ways:
Credstick firmware/bank software on commlink
Manufacturer of Credstick (are custom credsticks all the rage like phones are today?)
Generating hash collisions for a MD5 hash now takes under an hour and you can do it on a laptop, in addition the MD5 password encryption has been compromised to such an extent that the Project RainbowCrack pages are now widely known about.
| QUOTE |
| Nearly all distributions and variations of Unix, Linux, and BSD use hashes with salts, though many applications use just a hash (typically MD5) with no salt. The Windows NT/2000 family uses the LAN Manager and NT LAN Manager hashing method and is also unsalted, which make it one of the more popularly generated tables." |
Microsoft bans use of MD5 and in certain cases SHA-1 for use in-house.
One-way hashes are secure from the POV of the encrypted data being safe, but one-way hash authentication systems are vulnerable (oftentimes extremely so) to being compromised.
With such datahavens such as shadowland and the genre conventions of widespread hackers - why wouldn't such data or services be available to the PCs for getting those credsticks hacked?
One way hashes are impossible to reverse. However, you don't need to. You can attack them currently in two fashions. One is using a sufficiently large rainbow table. A coworker ran into a guy who works for "the federal government" who had a 1.5T sized rainbow table at a hacking conference. The other is by causing collisions. Both MD-5 and SHA-1 are clearly vulnerable to engineered collisions. There are practical issues in actually creating the collision for SHA-1, but it's been done for MD-5.
If you have an arbitrarily large amount of memory/storage and CPU sufficient to attack a symmetric encryption algorithm successfully, you can blow up a one way hash. It's an easier problem.
You either have to assume that cryptography works or that it doesn't work. You can't have it only work where it's convenient.
If you have an arbitrarily large amount of memory/storage and CPU sufficient to attack a symmetric encryption algorithm successfully, you can blow up a one way hash. It's an easier problem.
You either have to assume that cryptography works or that it doesn't work. You can't have it only work where it's convenient.
Who the hell uses MD5? It's like a 50 years old and nobody even uses it any more. Hey let's start a conversation about the uselessness of Caesar Cipher or Pig Latin in cryptography! 
You are sadly mistaken if you think that nobody uses it any more.
Ha, true. I guess I was thinking that nash equilibrium assumes that everyone is not only doing the best they can, but that everyone is also smart. But then again, I'm not even sure if I'm spelling nash equilibrium correctly.
My SNMP V3 stuff has the option of MD5 hashes, or no security. Given that choice...
The girls are all snickering at your puny hash algorithm.
| QUOTE (Buster) |
| I guess I should also point out (if you don't know much about cryptography), that a one-way hash is effectively impossible to crack |
... So in Shadowrun, it should take your decker between 8 and 12 hours. (Its a full 24 hours for the Unbreakable stuff)
@Buster: You spelling is correct. And everyone has to be smart only in regards of choosing his best strategy. All values his decision is based on can be -very- individual and diverge from objective information -much-.
@kzt: Use the MD5 allready. Give the hacker something to use his skills, but not so hard he might fail.
@kzt: Use the MD5 allready. Give the hacker something to use his skills, but not so hard he might fail.
EDIT: Nothing to see here.
Edit: wrong thread. Nothing to see here.
In SR3 (and disregarding certified credsticks) the situation is more or less like you explained it. Sticks have different biometric requirements based on their level (and their level limits how much cash can be attached to it). There is practically no financial or biometric data stored on the stick itself, a proper transaction REQUIRES a matrix connection so the encrypted data can be sent up to the main server host (which may, at its option, further challenge the credstick user). The particular nature of the encryption IMO is pretty irrelevant, since apparently SR encryption technology bears little resemblance to ours anyway (if you don't believe me, look at how little time it takes to decrypt stuff!) While it would ultimately be hackable, it would take a lot of time and work, and during that time you could just hack into some corporate system and make some money that way, so it's really not worth it. Additionally, you better believe if they lose a single credit, they're hunting you down before the secret gets out.
In my game, I rule that all credsticks also keep an approximate number on its available funds, updated since the last time it connected to the bank. While not connected to the matrix, it can do 'stick-to-stick' transfers. During this, neither stick is connected to the matrix, but they are connected to each other. The first uploads a financial 'package' to the second saying 'I am me, this is how much I'm trasnfering' and when the second connects to the matrix, the transaction goes THEN. This allows people to use their money without a wire dragging them back to the wall or transmitting through unsecured routers. The problem is of course that the stick itself can be hacked, so you can make a credstick that sends an illegitimate financial package, and the recipient won't realize that until he tries to 'cash' it (at which point it'll bounce). As such, most vendors don't allow for that except under very unusual circumstances, such as huge blackouts, the Zurich orbital falling to the ground, etc.
In my game, I rule that all credsticks also keep an approximate number on its available funds, updated since the last time it connected to the bank. While not connected to the matrix, it can do 'stick-to-stick' transfers. During this, neither stick is connected to the matrix, but they are connected to each other. The first uploads a financial 'package' to the second saying 'I am me, this is how much I'm trasnfering' and when the second connects to the matrix, the transaction goes THEN. This allows people to use their money without a wire dragging them back to the wall or transmitting through unsecured routers. The problem is of course that the stick itself can be hacked, so you can make a credstick that sends an illegitimate financial package, and the recipient won't realize that until he tries to 'cash' it (at which point it'll bounce). As such, most vendors don't allow for that except under very unusual circumstances, such as huge blackouts, the Zurich orbital falling to the ground, etc.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.