Full Version: Why do people think that Technomancers suck?
Zaranthan
Very insightful, Dire Radiant, but unfortunately irrelevant. It does matter whether it's Exploit or Sniffer & Spoof because one comes on a force 1 sprite and the other on two force 6 sprites.
FrankTrollman
Dire Radiant, that is true if and only if the rules allow us to break into the networks at all. A back to the Earth tribal shaman is probably not going to roll some dice and break network security, it is going to take a real hacker with real hacking equipment.

What is at issue is that the Sprites in the BBB don't actually have the skills and tools needed to break network security. That means that our technomantic constructs are ironically in the same place as our technophobic neotribal. They just happen to not be able to do anything else which brings us back to the original point that people don't think that Technomancers are very good at the task that they are supposedly specialized in.

-Frank
crizh
QUOTE (Aaron @ Jun 23 2008, 11:38 AM) *
[covers ears]

Not listening.


Fair enough.
kzt
QUOTE (crizh @ Jun 21 2008, 12:17 AM) *
I can see handwaving decryption. Quantum computers might even make such brute forcing possible. Maybe.

No, Quantum computers have little effect on shared key crypto systems. So your unbreakable until the heat death of the universe 1024 bit key is effectively a 512 bit key to a quantum computer. This is really a great improvement, but it is ALSO unbreakable until the heat death of the universe.

The other minor issue is the Shannon entropy, which manifests as heat. Lots of heat.

It's all silly handwaving by people who don't want to really think hard and who don't have a clue how critical trustworthy cryptography is to making a network useful.
Irian
The biggest assumption, afaik, is that there will be no quicker algorithm for finding the prime factors. This is - afaik - not yet proven mathematically, but seems highly likely. But it could be possible that someone finds a solution for this... But then someone either has to find a new way to encrypt things or the net will no longer be useful for anything that has to do with money or secret things.
JoelHalpern
QUOTE (kzt @ Jun 23 2008, 01:12 PM) *
...
It's all silly handwaving by people who don't want to really think hard and who don't have a clue how critical trustworthy cryptography is to making a network useful.


As I read it, this is not about folks who don't understand how critical trustworthy crypto is.
Rather, it is the observation that if the 2070 SR universe (or the 2050 one for that matter) had high grade, hard to break, crypto, then the entire matrix game wouldn't work.
One can argue it shouldn't work.
But since that makes for a dull game, make other choices for our model.

I believe from some notes that the canon has tried to address this by providing some additional handwavium to add to the explanation of why crypto isn't stronger in SR. But the real reason for the way it is structured is to make that aspect of the game (and arguably a lot of the rest of the game) playable.
There are also some interesting arguments in the literature as to why it may turn out that in practice security is almost as weak as SR paints it (although in different ways.) But that doesn't really matter.

Joel

Dashifen
I think Joel's got it right. We could have strong crypto in the 6th world, but it would negatively impact the playability of hacker characters. No one would want to get a file and realize that to decrypt it it would take thousands or millions of years. There's no fun to be had there. Instead, fun can be had if it takes mere seconds to decrypt.

If strong cryptanalysis isn't your thing, try the ever-increasing-interval house rule. For decryption, the first interval is an IP, the second costs a combat turn, the third a minute, the fourth an hour, the fifth a day, then a week, then a month, then a year ... etc. Thus, if someone's in combat and doesn't get it by that second interval, they're probably not going to get it until after the combat is handled in some other way. But, since the average Response + Decrypt pool is probably around 10 dice, they should be able to decrypt the information in three or four intervals costing a little over an hour. Throw in a glitch or two and suddenly it might take a day or more. Regardless, it keeps the rules basically the same but makes decryption take a little longer based on luck and stronger encryption.


Aaron
QUOTE (Cthulhudreams @ Jun 23 2008, 06:29 AM) *
AFAIK they are services built on common infrastructure layer.

The information I got when we were putting together a curriculum for the Network Security classes indicated that the systems were different, although the store-and-forward protocols and RMA stuff is similar (and the ISO 9362 stuff, but that's not all that relevant to this conversation).

That being said, I'm no expert on SWIFT, I've only read the white paper.
Aaron
QUOTE (crizh @ Jun 23 2008, 10:51 AM) *
Fair enough. I surrender and will never doubt you again. In fact, I'm going to make a little shrine to you in my home, right next to the empty shrine I have for SoLA.

I graciously accept.

Seriously, you're right: we're done now. Although my offer of talking shop over lunch still stands.
Cthulhudreams
QUOTE (Aaron @ Jun 23 2008, 09:04 PM) *
The information I got when we were putting together a curriculum for the Network Security classes indicated that the systems were different, although the store-and-forward protocols and RMA stuff is similar (and the ISO 9362 stuff, but that's not all that relevant to this conversation).

That being said, I'm no expert on SWIFT, I've only read the white paper.


When taking a course by David Lynas http://conference.auscert.org.au/conf2005/...?presenter_id=6, he stated that the transactional components were services on shared infrastructure offering a variety of capabilities via terminal access, but they may have added stuff since he left so it could go either way. Really the point is moot. Even if you think SWIFT is broken up into components, it is STILL a network(s) designed with security front of mind, which was my original point.
Aaron
QUOTE (Cthulhudreams @ Jun 23 2008, 08:35 PM) *
When taking a course by David Lynas http://conference.auscert.org.au/conf2005/...?presenter_id=6, he stated that the transactional components were services on shared infrastructure offering a variety of capabilities via terminal access, but they may have added stuff since he left so it could go either way. Really the point is moot. Even if you think SWIFT is broken up into components, it is STILL a network(s) designed with security front of mind, which was my original point.

Sure, but it doesn't really address my point, because even though it was designed with security front of mind, it was still primarily designed to exchange data, and secondarily as a secure system. The primary purpose of SWIFT isn't "be secure," it's "pass messages."
Cthulhudreams
No, what you actually said was "Primary purpose of networks is to pass information" which is I suppose true, but does not inform the debate.

Then gave a usability example, which had nothing to do with the preceding statement, about deadlocks on doors. This does address my point, because I was suggesting something to inhibit usability in the name of security, and does inform the debate.

Then you said the primary purpose of networks is to pass information, which does not inform the debate.

So I took that as you saying that there are no networks that sacrifice usability (the example you gave) for security (the example you gave), as that was the only real statement that addressed my point.

The door in the example still 'passes data', it just has a significant usability hurdle. Imho, that is exactly like swiftnet, which is why I feel it addresses my example and rebuts your point.

However, if you feel that the primary purpose of a 'transport' is to 'transport goods or people' and do not agree that the IED proof vehicles they are rolling out have made significant transport trade offs to 'transportation' to meet the goal of 'security' and are now 'security vehicles' designed with 'security' first and not 'transportation', then I am not sure we can have a rational discussion.

Swiftnet's only purpose is the secure communication of transactions. Without that security part it has no purpose. It's like saying that a secure phone is still useful without the secure part. Okay it does make phone calls, but that's not really what you want. I guess I can see your point, it just seems rather stupid. You obviously need two halves to make a whole here.
Aaron
Let me see if I can find that SWIFTNet white paper. I seem to remember it saying something like exactly what I'm saying, and I may have stolen the door analogy from either it or another paper.

Either way, my point was that if you've got a purpose other than security, you've got vulnerabilities. An IED-proof vehicle is a box that doesn't move. An unopenable door is one that can't be opened. A secure server is one that isn't connected to the outside world, and so on.

QUOTE
Swiftnet's only purpose is the secure communication of transactions. Without that security part it has no purpose. It's like saying that a secure phone is still useful without the secure part. Okay it does make phone calls, but that's not really what you want. I guess I can see your point, it just seems rather stupid. You obviously need two halves to make a whole here.

Not really. Let me frame it another way. When designing a "secure method of communicating transactions," if you come to a design decision where you can either have communication or security, which do you choose? When designing an "IED-proof vehicle" and you come to a decision where you can either have it move or be protected, which do you choose? When designing a door and you come to a design decision where you can either have entrance and egress or security, which do you choose? The one that you choose (or choose more often) is your primary purpose, and every time you take usability over security, you introduce vulnerabilities.
Cthulhudreams
Sure, but you and I both know it's never a binary decision. Instead we have two objectives to be achieved, a broad spectrum of methodologies to achieve them, and when I design a system I have to weave that together to competition requirements to deliver on all of them at once.

Let me put it to you like this: A C170 has two competition requirements: "Must carry an M1A1" and "Must fly long distance". Without achieving both preconditions, it is useless. A 'secure data interchange system' has to achieve both security and data interchange. You are giving me the false choice of choosing between them - but that is no choice. The two requirements are both equally important. You have to assess, given your requirements, where the tradeoff lies.

But you keep asking me repeatedly "So you're designing an air mobile tank transporter. If you have to sacrifice the ability to fly vs the ability to carry a tank, what would you do"

That choice is obviously stupid. If I scrap "flying" my air mobile tank transporter isn't air mobile and doesn't meet the requirement, and if I sacrifice 'carrying a tank' what does it do again?

I used SWIFT as an example because it has made some extreme tradeoffs against 'data interchange' for 'security'. I could use government top secret networks as another example. In Australia they must not connect with other networks in a manner to allow data interchange. *shrugs* Those are both interesting examples of the trade to me.

However, if you're going to keep asking me "If you were making a blueberry pie, and you had to choose between making it a tart or making it blueberry, I cannot really advance the discussion."
DireRadiant
This security/network discussion is definitely helping me understand why TM's are misunderstood.
crizh
QUOTE (DireRadiant @ Jun 24 2008, 04:10 PM) *
This security/network discussion is definitely helping me understand why TM's are misunderstood.



rotfl.gif
Vilkas
If you have Unwired there is a section in it that supported my idea of what an exploit program does when presented with a secure system. Look for it on pg132 in the bottom right corner. Yes, it is a description provided by a poster on Jackpoint, but it's a description nonetheless and a good analogy to boot.

I will close out my end of the 'debate' here. I have not finished reading Unwired at this point so I won't bring anything else from it to this post.

So I set up my firewall with specific registers and a short list of big addresses that can communicate with it. Now, your GM might say 'OK', but my GM says, "What rating is your firewall?" To which I reply, "6." He nods and says, "Then you set up your described firewall however you like, so long as you understand in game terms that it is rating 6."

I heartily agree with him.

Exploit is used to get past firewalls. Trying to describe a way around this is, in game terms, describing a firewall that is immune to the exploit program. My GM doesn't allow it. If yours does, that is his prerogative, but doing so is not in tune with what the game rules state to be the case. One can also spoof their way through a firewall, but that means something different happens as a result (as opposed to exploiting it).

Exploit is used to get past any firewall. Should my target have a rating 72 system and firewall, I can attempt to get through it on the fly by performing a Hacking + Exploit (72, 1 IP) extended test, or to probe out a weakness and get myself in with a Hacking + Exploit (144, 1 hour in VR or 1 day in AR). This implies that no matter how strong a firewall is built, you can get in with the exploit program, eventually. The difference is in how often the system gets to analyse you and decide whether or not it should go on alert and deploy white hats or IC.

Those are the game rules as I and my gaming group see them. It would appear to us that the core sees them that way as well. If these rules are redescribed by what some perceive to be reality (afaik it is) then they made the decision to do so and they should carefully observe the ramifications of that decision in game play so that appropriate alterations can be made to the rest of the rules (potentially ones less firmly grounded in reality?) to compensate for it.
Vilkas
In other news, Unwired has added things to the setting that some would say 'level the playing field' between TMs and Hackers.

I would say that it further emphasizes their differences and allows their players to decide what type of matrix specialist they would like to be rather than asking: Do I want to be a Matrix Specialist? (If Y, be a hacker.)
kzt
QUOTE (Dashifen @ Jun 23 2008, 02:06 PM) *
I think Joel's got it right. We could have strong crypto in the 6th world, but it would negatively impact the playability of hacker characters. No one would want to get a file and realize that to decrypt it it would take thousands or millions of years. There's no fun to be had there. Instead, fun can be had if it takes mere seconds to decrypt.

That's the point, it doesn't work that way in the real world and it won't work that way in the future. File encryption is pretty much worthless if you own the system. In order to be useful the file system needs to be automatically encrypted and decrypted by the OS. If you own the OS, you own the files. It sure doesn't make any sense to assume that in every corp each employee has a little book of passwords and file names and manually types in their >200 character unique to that file password (very carefully) hundreds of times per day, now does it? If nothing else, where would you secure the books? If you use passwords that can be memorized you can break them. They just can't be complex enough, as the inherent strength of English words used for passwords is something like 1.3 bits per character.

We are having this discussion at my organization now, as they want file encryption for some audit checkbox and some of the rest of us think that it would make sense to harden the thousands of compromised hosts and the perimeter instead of installing encryption that won't work. The only thing that file encryption is really good at is stopping people from stealing your physical machines and your backups and getting your data.
Dashifen
I'm not sure if I understand how that's relevant. I must be missing something, so if this is off in left-field, I apologize. I do understand what you're saying though, and you're right. However, that still doesn't address the needs of the game. It wouldn't be fun if people couldn't decrypt the information that they're trying to access. Thus, the game reflects a weaker state of cryptography than we have in the real world at this time in order to facilitate the creation of fun. There are a variety of ways that you can make the cryptography in SR4 more powerful (the increasing time interval for decryption, make the decryption threshold Program Rating x 5 or something, etc.) if you think it needs to be so, but I'd be worried that in doing so, you'd make the game less fun for your players, especially your hacker players.
Ryu
What works for us is running Decryption as a non-extended test against a threshold of Encryption. Usually successful on the second roll, like RAW, but unlike RAW not automatically so.
De Badd Ass
QUOTE (Fuchs @ Jun 19 2008, 05:38 AM) *
The problem with one-trick ponies is that if they are the only ones doing that particular part of the run (which for the matrix is likely to be the case) they either end up being bored by their very own speciality since they always succeed with their 30 dice, or the difficulty and challenge gets adjusted across the board, and their 30 dice only net them standard success and failure rates.

If they are not the only ones in their field, then they can easily antagonise the other players by either making their characters feel useless, or by driving up the difficulty of the tasks, and cause the rest of the characters to become collateral damage.


[sarcasm]

WOW!!! That is so profound. It should be required reading for all one-trick ponies.

To extrapolate:

Any {insert template type here} "can easily antagonise the other players by either making their characters feel useless, or by driving up the difficulty of the tasks, and cause the rest of the characters to become collateral damage."

Plug Street Sam into that sentence.

The problem with one-trick ponies is that they either end up being bored by their very own speciality since they always succeed with their 30 dice, or the difficulty and challenge gets adjusted across the board, and their 30 dice only net them standard success and failure rates.

Alternatively, they get a thrill out of holding large double handfuls of dice, and then displaying their skill at counting hits.

[/sarcasm]

This whole thread is about who throws more dice, a hacker or a technomancer. Stupid, really.

Look at the Technomancer Template, and explain why you need a more powerful technomancer than that.

tsuyoshikentsu
Did this debate really need to be rezzed?
Dumpshock Forums © 2001-2012