Full Version: RAW Hacking
Dumpshock Forums > Discussion > Shadowrun
Faelan
I realize there are probably a dozen topics answering my questions to different degrees, and I have found many, but I have found it problematic parsing the information down into something useful. In this instance I am not looking for a whole new system, but more likely assorted house rules to rectify the following problems.

1) The speed of hacking leaves me wondering why anyone even bothers to encrypt anything, unless it is just to prevent casual users from access.
2) The quality of encryption leaves me wondering how financial transactions are conducted securely?
3) The existence of hackastack or agent smith makes me ask the question of how do you defend against the Mongol horde?
4) How do you maintain control of vehicles or drones with the above issues?

Most of my players avoid playing hackers like the plague so I get to use a lot of handwaving, however one really likes having his drone army.

Some solutions I came up with were as follows:

1) I have made breaking encryption an all or nothing roll, not extended. Break the threshold and succeed, don't and fail, get detected, prepare to be booted.
2) Agents must buy hits, they never roll. Get a secure enough system and it does not matter how many attacks roll in. In other words if it's a hacker he has a shot.
3) Also looking at Electronic Warfare as a major way of cutting down on hacking, and for denying others use of their wireless networks.

So what house rules have people come up with for dealing with these issues, and better yet how do you use Electronic Warfare in your games. Thanks.
Starmage21
QUOTE (Faelan @ Jul 4 2008, 06:26 PM) *
I realize there are probably a dozen topics answering my questions to different degrees, and I have found many, but I have found it problematic parsing the information down into something useful. In this instance I am not looking for a whole new system, but more likely assorted house rules to rectify the following problems.

1) The speed of hacking leaves me wondering why anyone even bothers to encrypt anything, unless it is just to prevent casual users from access.
2) The quality of encryption leaves me wondering how financial transactions are conducted securely?
3) The existence of hackastack or agent smith makes me ask the question of how do you defend against the Mongol horde?
4) How do you maintain control of vehicles or drones with the above issues?

Most of my players avoid playing hackers like the plague so I get to use a lot of handwaving, however one really likes having his drone army.

Some solutions I came up with were as follows:

1) I have made breaking encryption an all or nothing roll, not extended. Break the threshold and succeed, don't and fail, get detected, prepare to be booted.
2) Agents must buy hits, they never roll. Get a secure enough system and it does not matter how many attacks roll in. In other words if it's a hacker he has a shot.
3) Also looking at Electronic Warfare as a major way of cutting down on hacking, and for denying others use of their wireless networks.

So what house rules have people come up with for dealing with these issues, and better yet how do you use Electronic Warfare in your games. Thanks.


I love the idea of #2, but #1 makes no sense at all. Real encryption, that SR4 encryption emulates, merely takes time.
RunnerPaul
QUOTE (Faelan @ Jul 4 2008, 06:26 PM) *
1) The speed of hacking leaves me wondering why anyone even bothers to encrypt anything, unless it is just to prevent casual users from access.
Locks keep honest men honest.


QUOTE
2) The quality of encryption leaves me wondering how financial transactions are conducted securely?
The stronger encryptions offered up in Unwired go a long way to making Shadowrun's electronic banking actually possible, IMO. One possible solution is to have the central banks automatically issue a set of authentication tokens for transactions to account holders on an hourly basis, the tokens having been pre-encrypted with 24-Hour Strong Encryption. Think of it as the CVV number on the back of your credit card, except you have a set of them, using a different one for each transaction you make, and you get a replacement set delivered to you every hour. Oh, and the tokens are delivered by a high rating Agent that has encrypted the entire set as a single archive using Dynamic Encryption. Set the system to reject any transaction bearing a token that's more than 18 hours old, and make anyone who's had an unscheduled matrix-access outage of 24 hours or more go through extra verification procedures before being issued further tokens.


QUOTE
4) How do you maintain control of vehicles or drones with the above issues?
Use Unwired's rules for Slaving, bolt armor plate over top the drone's physical hardwire connection ports with a standing command to shoot anyone who comes after it with a wrench, and limit your wireless communications to point-to-point Beam Links.


QUOTE
1) I have made breaking encryption an all or nothing roll, not extended. Break the threshold and succeed, don't and fail, get detected, prepare to be booted.
Harsh. One alternative I've seen proposed was to use a "Diminishing Returns" style cascading test interval. First roll of the extended test takes a combat turn. Second takes a minute, third takes an hour, fourth takes a day, 5th takes a month, 6th takes a year, 7th takes a decade and so on.



Faelan
I realize decrypting just takes time, but the speed with which it occurs in SR4 seems ridiculous. My limiting decrypt to a single all or nothing attempt is meant for on the fly hacking, since it is described as a brute force attempt. In other words you will be detected and chased unless you manage to get inside and make it your own. The thresholds and times for slowly hacking seem fine to me, even as extended rolls. I don't want to ban the brute force approach, but I definitely want to make it very risky. My line of thinking is you take the sledgehammer to the backdoor, the SYSOP hears you and the encryption is changed immediately, and the hounds of hell are set loose on your ass. If you knock the door down you jump through and the SYSOP responds too late, you are in. The brute force approach does not take much thinking, hence Agents get to do it. The long term approach is something I am thinking of not allowing Agents to do. To really hack, in other words sneak in and mess with a high security system requires a sentient being behind the wheels not some program.

Thanks for the suggestion for the drones, and the diminishing returns. The financial transaction security still seems shaky. It really has to be damn near unbreakable for it to be reliable.
kzt
We used NPC hackers and hacking just happened. Life was good.
Faelan
Life was good. Keyword WAS, thanks for rubbing it in ;)
jklst14
QUOTE (Faelan @ Jul 4 2008, 06:26 PM) *
3) The existence of hackastack or agent smith makes me ask the question of how do you defend against the Mongol horde?


I haven't thought this through yet but in addition to the Access ID limitation in Unwired, you could cap the max ratings of Agents. Say the node's Response/2 instead of Response? Then a real life hacker will always be better than any agent, since most Agents would have a rating of 3 at most.

It would leave us with a problem of all IC sucking. Maybe there's a way around that? Or maybe this wasn't such a great idea...


-JKL
The Jopp
My solution to encryption and to make it take longer is to do the following:

Encryption - Program adds its rating to all tests against the node
Decryption - Decryption reduces the effectiveness of encryption by its rating.

So, a hacker with Decryption 3 going up against an encryption 6 will have a +3 to all threshold tests like probing the target and hacking on the fly and similar tests where there is a fixed threshold.

In opposed tests the target adds defense dice.

My reasoning with this is because the encryption is not static. Both sides use live encryption that changes by the second which means that there is no set encryption key as it changes constantly to keep people from getting inside.

Also, it means that one can fail miserably if one doesn't have a decryption program as everything becomes a LOT harder.
Ryu
- Encryption is a success test. Check.
- The good old credstick is now a slaved node with integral passkey for a "militarised" bank server. The rating 6 encryption is just there to annoy hackers. We are using the logic+skill option, so the SOTA rules increase believability for matrix banking.
- Using Agent Smith angers the universe. Yes, that is a solution. I'm playing around with a rule limiting multiple uses of one program in the same timeframe, but so far it does not work for cybercombat.
- Vehicle security is an issue? Encryption + passkey + firewall upgrade + slaving to the comlink.

QUOTE
2) Agents must buy hits, they never roll. Get a secure enough system and it does not matter how many attacks roll in. In other words if it's a hacker he has a shot.
3) Also looking at Electronic Warfare as a major way of cutting down on hacking, and for denying others use of their wireless networks.


Number 2 is great, that might actually be a simple solution. Perhaps with rolling the "leftover" dice, to use the full range of ratings. I'm considering to count only the highest icon damage per IP, so that running multiple attack agents on one target gets inefficient fast.

If you are looking at Electronic Warfare, consider to use a smart jammer against known offenders. Adds ECCM to the requirements of hacking your net, if nothing else.
Faelan
Thanks for the input. I think what I will be going with is adding the logic attribute to any rolls. This gives a live hacker an advantage over the machine (unless it's an AI), combined with Agents having to buy hits (and yes I think rolling the left over 1 or 2 dice will work great) will create the effect I was looking for. Note the hacker defending against Agents can also buy hits, this essentially neutralizes the threat of the Mongol Horde, and makes hacking what I wanted, which is a character vs character situation. Ultimately I think it will cut back on unwanted dice rolling, give systems a decent level of everyday security since having Agents do your dirty work against a well secured system is out of the question, and in addition to the master and slave unit rules provide limited access to stealing drones. In other words I think things will be challenging now, without it being impossible.

I think I will be using EW for limiting opposing wireless connections or preventing jamming of friendly connections. Proper use of this could require a hacker to hardwire into the local node just to avoid potentially getting kicked off by losing "bars" at an inopportune time.
Aaron
QUOTE (RunnerPaul @ Jul 4 2008, 06:23 PM) *
The stronger encryptions offered up in Unwired go a long way to making Shadowrun's electronic banking actually possible, IMO.

Electronic banking relies on strong encryption only when it's a centralized system. In a decentralized system, you don't really need any encryption.
RunnerPaul
QUOTE (Aaron @ Jul 5 2008, 12:52 PM) *
Electronic banking relies on strong encryption only when it's a centralized system. In a decentralized system, you don't really need any encryption.

Two questions then:
  • Can you detail how a decentralized banking system works? A swarm of computers all taking a vote on how much available funds are in account A and whether or not the account holder authorized a transfer of some of those funds to account B?
  • What canon references lead you to believe such a system is in use in Shadowrun?
Aaron
QUOTE (RunnerPaul @ Jul 5 2008, 11:07 AM) *
Can you detail how a decentralized banking system works? A swarm of computers all taking a vote on how much available funds are in account A and whether or not the account holder authorized a transfer of some of those funds to account B?

I have before on DS, albeit a while ago. You'll have to search for it, sorry.

QUOTE
What canon references lead you to believe such a system is in use in Shadowrun?

Again, I've posted this before, too. At this point, you'd be doing the same search through DS or the PDFs that I would. Plus there's probably something in Unwired; I'd start in the fluff and then maybe look in the game info sections for forging cash.
RunnerPaul
QUOTE (Aaron @ Jul 5 2008, 10:03 PM) *
I have before on DS, albeit a while ago. You'll have to search for it, sorry.
I tried, but I'd be more successful if I had a better idea of timeframe than "A while ago" or a better keyword than "banking" or "decentralized" to use. You're approaching the 2K post mark, and the only two hits turned up on either of those two keywords under your name were your posts in this thread.


QUOTE
Plus there's probably something in Unwired; I'd start in the fluff and then maybe look in the game info sections for forging cash.
Unwired sections for forging cash only apply to funds on certified credsticks, which are really just an obscure corner case of SR's Electronic Banking.
Aaron
QUOTE (RunnerPaul @ Jul 5 2008, 10:24 PM) *
I tried, but I'd be more successful if I had a better idea of timeframe than "A while ago" or a better keyword than "banking" or "decentralized" to use. You're approaching the 2K post mark, and the only two hits turned up on either of those two keywords under your name were your posts in this thread.

All I can say is keep looking. I'm getting sick of spending time rendering professional explanations of how computers (or networks, or encryption, or programming, or anything else I get paid to teach) work, only to have some obtuse twit not bother to read it, give obtuse replies, and insult the intelligence of myself and of other readers. I'm not naming names and I'm not saying that I expect you to do the same thing. It's just that I'm sick of being led down the path to frustration just because I like to teach and be helpful. I'd be happy to describe the system in person if you catch me at a convention or something, but until then I'm afraid you'll have to do your own research.

It might be about identification rather than banking, but it's pretty much the same whether your data is money or identity, if that helps.

QUOTE
Unwired sections for forging cash only apply to funds on certified credsticks, which are really just an obscure corner case of SR's Electronic Banking.

This one I'll help with, because I remember reading that and thinking that AH was pretty cool for including it. Lemme see ... here it is on page 95 of Unwired. It seems to have been chopped down a bit; now it's only something about online cred being constantly tracked and monitored. So I guess it's been edited down to just an implication of a decentralized system.

Hm. Maybe I will give a mini-lesson. Here: the system is akin to the way a BattleTech Grand Melee or a game of hopscotch is refereed.
RunnerPaul
QUOTE (Aaron @ Jul 6 2008, 03:09 AM) *
Hm. Maybe I will give a mini-lesson. Here: the system is akin to the way a BattleTech Grand Melee or a game of hopscotch is refereed.

At first blush, I'd have questions about the scalability of those techniques, but I'll just attribute that to the mini-ness of the lesson.
Ryu
Something in that direction (link)???

I sent my (information access code) to my bank, after sending individually worthless "junk" to several other servers, tampering with one of those just destroys the transaction, and the bank can access my data just fine, because it got the access code?
Aaron
Sorta like that, yeah, except that since the data is held in a large number of places at once, and those places can query one another to double-check their own information, the only way to forge electronic cash is to alter the data in all places at once. If storage and transfer speeds are ridiculously high (as is the case in Shadowrun), then you can't actually forge electronic cash unless you crash the whole Matrix at once, assuming you can find all of the places the cash is being tracked.
RunnerPaul
QUOTE (Aaron @ Jul 6 2008, 11:09 AM) *
assuming you can find all of the places the cash is being tracked.


Surely that's just a matter of traffic analysis?
Faelan
I think what Aaron is saying is that you essentially have these rock solid sites, which constantly double check each other, so unless you hack all of them simultaneously the information will revert to its proper format near instantaneously. My question to this then is how does this quorum of trust identify a legal transaction? Is a legal transaction essentially bursting the access code to twenty different servers and since it is good to go they all accept. Whereas with an illegal transaction I would have to hack those twenty servers simultaneously for the same effect. The security gets better as the number of secure servers I am transmitting to goes up. Of course you could still steal from someone if you manage to break their perfectly legal access code, but this would require what?
kzt
QUOTE (Faelan @ Jul 6 2008, 09:46 AM) *
Of course you could still steal from someone if you manage to break their perfectly legal access code, but this would require what?

Recording, decrypting and replaying the code....

The claims that you can't record an encrypted signal would certainly surprise people who do real world decryption, because that is a key element of the process. That's how the US broke the Venona one-time pads, the Purple Japanese diplomatic codes, the JN-25 navy code, and the Germans broke the British BAMS, Naval Cipher No.3 and the US Black diplomatic code.
Aaron
QUOTE (RunnerPaul @ Jul 6 2008, 10:20 AM) *
Surely that's just a matter of traffic analysis?

That's a valid approach, but what if you're trying to find hundreds or even thousands of nodes for each single nuyen? Let's say you only have a thousand nodes tracking cash, and each unit is tracked by only two hundred of those nodes. That's a one in 6.6 x 10^215 possible sets of 200 nodes to choose from. Incidentally, that's also the number of cash units that such a system could track.

And what if the data you mined five minutes ago is out of date? If the tracking nodes keep trading responsibility for any given unit of cash, that makes it even harder to track.

Could such a system be viable today? Well, in smaller form, yes; see Ryu's link to the distributed file system, above. Could it be viable in The Future? It'd not only be viable, it would be trivial.
kzt
You expect to maintain a consistent state table on EVERY commlink in the ENTIRE world for EVERY nuyen? Really? I'd attack the synch process then, just a little. It's got to be like someone trying to use OSPF to route the internet and should crash nicely.

Otherwise, I'd start randomly nuking packets bound for several of the major sites. Now they don't agree and the world melts down.
Aaron
QUOTE (kzt @ Jul 6 2008, 01:10 PM) *
You expect to maintain a consistent state table on EVERY commlink in the ENTIRE world for EVERY nuyen? Really? I'd attack the synch process then, just a little. It's got to be like someone trying to use OSPF to route the internet and should crash nicely.
Otherwise, I'd start randomly nuking packets bound for several of the major sites. Now they don't agree and the world melts down.

See, this is why I've given up trying to offer stuff to DS.

kzt, if you're clever enough to think of that attack (which, obviously, you are), you're also clever enough to come up with a solution to it. It's not as much of a vulnerability as your post suggests.
Ryu
You would not need to maintain consistency on every server, far from that. Let several thousand servers compare data, and accept a 75% result as valid.

The commlinks can connect to a few transaction servers, which establish trust in the commlinks identity by comparing data. They maintain coherency of the money, and manipulate the money conditionally if the transaction comes from a trusted source and is acceptable to the bank. The security of your account does depend on the security of your endpoint.
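An added illustration, not part of any post in this thread: a toy model of the scheme discussed above, where one unit of cash is tracked by many nodes and a read is accepted only if 75% of them agree. The function names, the ownership strings and the integer-percent threshold are all assumptions made for the sketch. It shows the trade-off the posts argue about: at a 75% threshold, forging a record means altering 150 of 200 replicas, while making the nodes disagree takes only 51.

```python
import math
from collections import Counter

HONEST = "unit#1 -> account A"   # constructed sample record
FORGED = "unit#1 -> account X"   # constructed sample record


def needed_votes(n, threshold_pct=75):
    """Smallest number of agreeing replicas that counts as a quorum."""
    if not 50 < threshold_pct <= 100:
        raise ValueError("threshold must be a strict majority")
    return -(-threshold_pct * n // 100)          # integer ceiling


def quorum_read(replicas, threshold_pct=75):
    """Return the value a quorum agrees on, or None if no value qualifies."""
    value, count = Counter(replicas).most_common(1)[0]
    return value if count >= needed_votes(len(replicas), threshold_pct) else None


def resync(replicas, threshold_pct=75):
    """Overwrite dissenting replicas with the quorum value (the 'double-check'
    step). Without a quorum nothing is changed and the unit stays frozen."""
    agreed = quorum_read(replicas, threshold_pct)
    return list(replicas) if agreed is None else [agreed] * len(replicas)


def classify(n, altered, threshold_pct=75):
    """Outcome when `altered` of `n` replicas report the forged record."""
    replicas = [FORGED] * altered + [HONEST] * (n - altered)
    agreed = quorum_read(replicas, threshold_pct)
    if agreed == HONEST:
        return "repaired"    # dissenters are outvoted and overwritten
    if agreed == FORGED:
        return "forged"      # the altered record is now the accepted one
    return "stalled"         # nobody reaches quorum: transaction refused


def min_altered_to_forge(n, threshold_pct=75):
    return needed_votes(n, threshold_pct)


def min_altered_to_stall(n, threshold_pct=75):
    # One more than the number of dissenters the honest side can absorb.
    return n - needed_votes(n, threshold_pct) + 1


def candidate_node_sets(total_nodes, per_unit):
    """Number of possible tracking sets, e.g. 200 trackers out of 1000 nodes."""
    return math.comb(total_nodes, per_unit)


if __name__ == "__main__":
    n = 200
    for altered in (20, 50, 51, 149, 150):
        print(f"{altered:3d}/{n} altered -> {classify(n, altered)}")
    print("to forge:", min_altered_to_forge(n), "to stall:", min_altered_to_stall(n))
    print("sets of 200 from 1000: about 10^%d" % (len(str(candidate_node_sets(1000, 200))) - 1))
```

Raising the threshold makes forgery harder and stalling easier, so the percentage is a choice between integrity and availability rather than a free security gain.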
JoelHalpern
We can argue all day about whether secure money is possible without decent dynamic crypto.
I tend to suspect that if the number of nodes (not combinations, just nodes) is reasonably limited, and if traffic monitoring is practical, then the system is probably broken.

But it doesn't matter.

The assumption we are making is that the financial system works.
We also are assuming that credsticks are, for some reason, hard to break.
And we are assuming that hackers can get into lots of things, and find lots of useful information.

These assumptions are necessary for anything resembling the game world to work.
They are probably also actually mutually inconsistent.
But, frankly, I am more interested in playing the game than in playing amateur cryptographer. And I have no interest in trying to get a security professional to audit / analyze the assumptions and conclusions of the system. I am sure that the system is, in a formal sense, broken.
So that means that trying to craft more secure techniques is probably a bad idea. We have to live with what is written, and reasonably small generalizations from that. (If wiring things together works in one context, it better work in others.)

I sure as heck don't want to try to get into how they manage key exchange, key refresh, and key revocation without dynamic crypto. But it has to somehow work.

I am actually a bit concerned about the magic side of this same question. The spell design system in street magic allows for a lot of spells not thought of by the devs. That is neat. But like generalizing the matrix security, it is almost certainly subject to breaking the structure. (Yes, the GM can be careful about what he allows. There are still going to be surprises. And there is also the fact that the GM is probably going to have to sometimes say "sorry, not allowed" when there is no good reason, when someone comes up with something that is too strong. Remember that game balance is an important concept to us, but irrelevant to meta-physics. Reality is not game balanced.)

Joel
Kerris
QUOTE (Aaron @ Jul 6 2008, 12:09 PM) *
Sorta like that, yeah, except that since the data is held in a large number of places at once, and those places can query one another to double-check their own information, the only way to forge electronic cash is to alter the data in all places at once. If storage and transfer speeds are ridiculously high (as is the case in Shadowrun), then you can't actually forge electronic cash unless you crash the whole Matrix at once, assuming you can find all of the places the cash is being tracked.

So... they're crowdsourcing financial verification?

That. Is. AWESOME.
DireRadiant
Is something borken because you don't know exactly how it works?
Do you know how you work?
Are you borken?

If there is one case where it might be borken, does this mean it must be borken in all cases?

Are all things which can be borken always borkened?

Up until it's actually borkened, things tend to work just fine... is it an acceptable lifecycle?
kigmatzomat
QUOTE (Faelan @ Jul 4 2008, 07:26 PM) *
I realize there are probably a dozen topics answering my questions to different degrees, and I have found many, but I have found it problematic parsing the information down into something useful. In this instance I am not looking for a whole new system, but more likely assorted house rules to rectify the following problems.

1) The speed of hacking leaves me wondering why anyone even bothers to encrypt anything, unless it is just to prevent casual users from access.


I think Unwired refers to "new math" from the Crash2 virus that cracks algorithms like rock candy, which is essentially what I did in my game. Encryption is now a nuisance on par with current WEP security on WiFi. It acts like the flimsy lock on a screen door; breaking it proves you have criminal intent.

QUOTE
2) The quality of encryption leaves me wondering how financial transactions are conducted securely?


Short answer now is multiple connections. I figure credsticks are like the "fob" one time key generators. As long as the credstick doesn't get tapped too often, there's not enough of a dataset to "decrypt" the key generation. If a hacker has to sniff and decrypt 3 datafeeds simultaneously, the transaction can outrun the hacker.


QUOTE
3) The existence of hackastack or agent smith makes me ask the question of how do you defend against the Mongol horde?


Same way you do today: traffic analysis. You start refusing connections, particularly at a gateway level. Local security could use a fiber optic connection to root out agents once all the external connections are closed.

Of course my house rule is that each agent needs their own user account. If you want 24 Smiths to attack Renraku, you need to either have 24 user accounts or have the 24 begin hacking their way in. The odds of triggering an alert go waay up then. If you're just trying to DDOS them then that's fine.

QUOTE
4) How do you maintain control of vehicles or drones with the above issues?


Primarily by disabling connections to any other network. Then a hacker a) has to find a hidden connection, b) break the encryption, c) analyze the rigger's Persona and d) start issuing spoof commands. I often set drones down to the minimal signal level required to operate. In really stealthy operations, the drones are assigned to people on the intrusion team (mages like having mechanical bodyguards) so that the signal level can be 0 or 1.

Outside of runs I strap a rating 1 comm operating in public mode to vehicles or drones expected to meet legit challenges and it handles the "paperwork."

I also install a LOT of databombs. Sure, you can spoof a command to add your Comm to my vehicle's subscription list. But then you've got to defuse the r:5 databomb to issue it any commands directly without taking some damage and letting me know someone's on my net. So their option is to continue spoofing, which is not a zero risk operation.

pnut75
QUOTE (Faelan @ Jul 4 2008, 08:04 PM) *
I realize decrypting just takes time, but the speed with which it occurs in SR4 seems ridiculous. My limiting decrypt to a single all or nothing attempt is meant for on the fly hacking, since it is described as a brute force attempt.



Even IRL, hacking an encryption can take 5 minutes or five hours. All those articles you read in the news about new encryption methods developed over time can apply in SR as well.

Look at it this way, most hackers can break 32-bit encryption in less than 1/2 an hour, 64-bit in less than 6 hours, and 128-bit in less than 2 days. It depends on the encryption method as well, but apply that to the tech in SR4 and you see how it would be possible to hack a node in a single round, especially considering most places employ similar if not the same encryption and coding software.
kzt
If you can break a 128 bit in less than 2 days you can break a 64 bit in milliseconds. You need 2^127 tries to break a 128 bit code (on average). You need 2^63 tries to break a 64 bit code. It's 18 sextrillion times harder to break a 128 bit code than a 64 bit code. (18,446,744,073,709,551,616 to be precise). It's only 4 billion times harder to break a 64 bit code than a 32 bit code.

The amount of computing power this implies (ignoring the violation of the laws of thermodynamics) is pretty astonishing.
DireRadiant
There's always a bigger number.
pnut75
QUOTE (kzt @ Jul 8 2008, 02:03 PM) *
If you can break a 128 bit in less than 2 days you can break a 64 bit in milliseconds. You need 2^127 tries to break a 128 bit code (on average). You need 2^63 tries to break a 64 bit code. It's 18 sextrillion times harder to break a 128 bit code than a 64 bit code. (18,446,744,073,709,551,616 to be precise). It's only 4 billion times harder to break a 64 bit code than a 32 bit code.

The amount of computing power this implies (ignoring the violation of the laws of thermodynamics) is pretty astonishing.



I should have added that I am not the hacker doing this. At a conference I attended there was a competition to see if developers, coders and hackers (there is a difference) could crack different levels of encryption. One person was able to crack 64-bit encryption (I believe it was a type called Blowfish) in 12 minutes. I was stunned, but I do know it's possible.

I will also grant that these folks had some powerful computing power. I'm not sure which law of thermodynamics would be violated as matter was neither created nor destroyed, the rule of entropy was followed, and no one approached absolute zero at any point.

Remember, just like our characters, real hackers have developed programs and schemas that work for them and cut time down drastically.
kzt
It's complex, but here's the most readable analysis I've seen, from Robert J Hansen.

"Entropy is a measure of the statistical disorder of a system. In physics, disorder manifests itself as heat. Something that’s hot is in a much, much more disordered state than something that’s cold. In computer science, disorder manifests itself as…

"…heat.

"This is something that stunned Claude Shannon when he discovered it. He was trying to figure out a way to measure the information content of telephone lines, and the equations he kept on discovering looked very familiar. Shannon eventually called it “entropy”, just because the equations were the same as the physics equations for entropy. Shannon’s discovery was that information and “entropy” were opposite sides of the same coin: an increase in one necessarily involved a decrease in the other.

"What nobody disagrees on, though, are the real–world implications: that every single time you discard information, you have to pay a cost in heat. Period. End of sentence.

"This number is very, very small, but it’s not zero. Every single time you lose a bit of information, you pay kT ln 2 joules of energy. That’s how much energy has to leak from the system with every single bit of information that’s lost.

"This is an incredibly small amount—about 10^-23 joules per bitflip. By comparison, a car battery puts out about 10^26 times that each and every second. That’s a huge difference, just mind–blowingly huge. Most people think we can just ignore the Landauer Bound… but when it comes to crypto, that’s just folly.

"Assume a 128–bit cipher. Each time you want to try a new key, you’re going to have to discard (on average) 64 bits. 64 is close enough to 100 for our purposes—we want some quick back–of–the–napkin estimates, nothing more—so let’s write down: “each key = 10^2 bits lost.”

"Now, to break a 128–bit cipher by brute force requires, on average, 2^127 attempts. That’s close to 10^38, so let’s write that down. “Total attempts, 10^38.”

"Multiply the two numbers together to get the total number of bits of information you’ve discarded. To multiply together two numbers written in scientific notation, you add together their exponents. 10^2 × 10^38 = 10^40.

"Finally, we have to multiply our total number of discarded bits by the price we have to pay for each of them. Just like before, multiplying scientific–notation numbers is addition… except this time, one of the numbers is negative, so we can think of it like subtraction. 10^40 × 10^-23 = 10^17.

"That gives us an absolute lower bound on the amount of energy we would have to lose while brute–forcing a 128–bit key. 10^17 joules… but that’s just a number. It doesn’t mean much to us, does it? So let’s put it in terms we can understand. "

A one megaton nuke releases 4.2*10^15 joules. Hence your system cracking really big numbers will make the room it is in VERY warm.
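An added worked calculation, not part of any post: the brute-force scaling from kzt's earlier post and the Landauer estimate quoted above, carried through with exact powers of two instead of rounded exponents and extended to other key sizes. The function names are assumptions; the 300 K room-temperature case is an assumption added for comparison, while the 1e-23 J per bit, the 64 bits discarded per key and the 4.2e15 J per megaton are the figures given in the posts.

```python
import math

BOLTZMANN_J_PER_K = 1.380649e-23   # exact SI value of k
QUOTED_J_PER_BIT = 1e-23           # "about 10^-23 joules per bitflip" (from the quote)
MEGATON_J = 4.2e15                 # joules per megaton (from the post)


def average_tries(key_bits):
    """Expected brute-force attempts: half the keyspace."""
    return 2 ** (key_bits - 1)


def relative_cost(bits_a, bits_b):
    """How many times more work a bits_a key is than a bits_b key."""
    return 2 ** (bits_a - bits_b)


def scaled_seconds(ref_bits, ref_seconds, target_bits):
    """Time for target_bits if ref_bits takes ref_seconds on the same rig."""
    return ref_seconds / relative_cost(ref_bits, target_bits)


def kt_ln2(temp_kelvin):
    """Landauer cost of erasing one bit at the given temperature."""
    return BOLTZMANN_J_PER_K * temp_kelvin * math.log(2)


def landauer_joules(key_bits, joules_per_bit, bits_per_try=None):
    """Lower bound on energy dissipated by an average brute-force search.
    bits_per_try defaults to half the key length, as in the quoted estimate."""
    if bits_per_try is None:
        bits_per_try = key_bits // 2
    return average_tries(key_bits) * bits_per_try * joules_per_bit


def megatons(joules):
    return joules / MEGATON_J


def table(key_sizes=(32, 64, 128, 256), room_kelvin=300):
    """Rows of (bits, tries, joules at quoted cost, joules at room temperature)."""
    return [
        (b, average_tries(b),
         landauer_joules(b, QUOTED_J_PER_BIT),
         landauer_joules(b, kt_ln2(room_kelvin)))
        for b in key_sizes
    ]


if __name__ == "__main__":
    print("128 vs 64 bit:", relative_cost(128, 64))
    print("64 vs 32 bit: ", relative_cost(64, 32))
    print("64-bit time if 128-bit takes 2 days: %.2e s"
          % scaled_seconds(128, 2 * 86400, 64))
    for bits, tries, e_quoted, e_room in table():
        print(f"{bits:3d} bits  tries={tries:.2e}  "
              f"E(quoted)={e_quoted:.2e} J  E(300 K)={e_room:.2e} J  "
              f"= {megatons(e_quoted):.2e} Mt")
```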
Aaron
Except that the energy numbers are directly related to the technology used to flip those bits. I can increase the amount of heat generated by hiring a fifteen-year-old to flip dinner plates. This isn't about information generating heat, it's about machines that manipulate information generating heat. It's just nifty geekery, on the same level as calculating the physics of Santa Claus.
pnut75
QUOTE (Aaron @ Jul 10 2008, 02:51 PM) *
...on the same level as calculating the physics of Santa Claus.



I think they actually had a guy on NPR's Science Friday work out the math on Santa once. It was interesting and absolutely hilarious.

He also mathematically explained how your Christmas lights get tangled no matter how you pack them. :)
Ryu
Heh. It's not what you have, it's how you use it.
kzt
QUOTE (Aaron @ Jul 10 2008, 11:51 AM) *
Except that the energy numbers are directly related to the technology used to flip those bits. I can increase the amount of heat generated by hiring a fifteen-year-old to flip dinner plates.

No, that's the amount of energy generated just by the bit flipping. Any additional work created by an inefficient process is just additional overhead.

For a more detailed and numeric approach see:
http://en.wikipedia.org/wiki/Entropy_in_th...ormation_theory

You can pretend that Pi=3 because you don't understand how Pi is derived, but it still isn't 3.
Ryu
Any process that is efficient today might/will be tomorrow's inefficient tech.

An ideal processor would not waste energy at all, but cannot exist. Real tech wastes energy, but steadily increases calculations/entropy. Take nowadays personal computers vs. an equally powerful number of revered C64-PCs. The question is if the necessary increase in calculation power is larger or smaller than the increase in available calculation power.
Aaron
QUOTE (kzt @ Jul 10 2008, 03:09 PM) *
No, that's the amount of energy generated just by the bit flipping. Any additional work created by an inefficient process is just additional overhead.
For a more detailed and numeric approach see:
http://en.wikipedia.org/wiki/Entropy_in_th...ormation_theory

This is more than I should be offering, but I recommend you read it yourself. I mean really read it, not just skim it. Heck, just read the first four words of the actual article text, the ones that go "There are close parallels ..." I'll also recommend the entire section entitled "Theoretical Relationship."

QUOTE
You can pretend that Pi=3 because you don't understand how Pi is derived, but it still isn't 3.

While you're at it, here's another Wikipedia article for your reading pleasure.
Carny
QUOTE (Aaron @ Jul 11 2008, 02:53 AM) *
This is more than I should be offering, but I recommend you read it yourself. I mean really read it, not just skim it. Heck, just read the first four words of the actual article text, the ones that go "There are close parallels ..." I'll also recommend the entire section entitled "Theoretical Relationship."


While you're at it, here's another Wikipedia article for your reading pleasure.


Aaron, you are a glutton for punishment. :(
JoelHalpern
The other point on the energy analysis is that if you assume the mathematics has been cracked (which is the assumption the game makes) then you don't break a 128 bit key by testing 2^127 different possible values. You break it by applying the mathematics which lets you dramatically reduce the search space, and then using brute force.

(As a minor note, it takes very different kinds of mathematics to break asymmetric key systems (like RSA and Elliptical curve systems) and to break symmetric, fast key systems like Blowfish and AES. However, for game purposes it is perfectly reasonable to assume that both have been suitably weakened / broken.)

Joel
kzt
QUOTE (Aaron @ Jul 10 2008, 08:53 PM) *
This is more than I should be offering, but I recommend you read it yourself. I mean really read it, not just skim it. Heck, just read the first four words of the actual article text, the ones that go "There are close parallels ..." I'll also recommend the entire section entitled "Theoretical Relationship."

The Connection between Logical and Thermodynamic Irreversibility

Good cryptography is by definition logically irreversible. If you can trivially recover the input from the output without the key it's not a very effective encryption system. And, yes, the fact that there IS a key doesn't make it reversible.

"It is clear that every logically irreversible transformation is equivalent to
a logically reversible transformation plus one or more Reset operations. To
see this consider an arbitrary logically irreversible transformation. It can
be converted into a reversible transformation if a copy of the input state is
appended to its output. This clearly allows the input state to be recovered
from the output state. To obtain a transformation logically equivalent to the
original irreversible transformation we simply reset the copy."

That's also why people are interested in differential power analysis as a side channel attack, because the power consumption of the encryption process is directly related to the key and what it's encrypting. Odd how it all ties together, isn't it? Brute force attacks on well run and well designed crypto systems are just not a viable approach in the real world for a reason. Brute force attacks against naively run systems, particularly if you have hints, are perfectly viable to use as a starting point because you can greatly limit the keyspace you have to search to variations on their kid's name, SSN, birth dates, etc.

And this all started with "ignoring the violation of the laws of thermodynamics"....
Zaranthan
Forgive me if I've missed a cryptology lesson along the way, but what does "reset the copy" mean? There's not quite enough context there for me to put it together (and I seem to have glitched my Data Search roll, as Google is hating me on all relevant searches).
Aaron
QUOTE (kzt @ Jul 11 2008, 03:27 PM) *
The Connection between Logical and Thermodynamic Irreversibility

"It is clear that every logically irreversible transformation is equivalent to
a logically reversible transformation plus one or more Reset operations. To
see this consider an arbitrary logically irreversible transformation. It can
be converted into a reversible transformation if a copy of the input state is
appended to its output. This clearly allows the input state to be recovered
from the output state. To obtain a transformation logically equivalent to the
original irreversible transformation we simply reset the copy."

That's a nice quote, but it's a bit out of context. Try the first line of page seven, or the entirety of section 4. Maybe everything after that, too. I'm afraid it doesn't support your point at all, but it does go directly to my comment.

I think I'm going to be done with this sub-thread, unless something convincing comes up.
BishopMcQ
I'm just going to throw some questions out there and see how they fall.

My understanding of the thermodynamics generated around cryptography etc, is that we are working with silicon systems and traditional computer processors as we understand them today. How does that impact optical systems? Does an optical chip heat up by writing or removing data from it, since there are no moving parts?

If reducing entropy increases heat, does increasing entropy reduce heat? I have some problems with visualizing how exactly organizing a bunch of 1s and 0s makes heat, but scrambling them should definitely not make the world a cooler place.

Completely removed from the cryptography discussion:
Are there any modifiers for hacking use if I am running a sculpted system, where the sculpture uses Generic Matrix Iconography, but several key substitutions have been made? (Example my IC are sculpted to carry the icons of system maintenance bots and vice versa.) The visual representation would seem like everything was normal, but when an Analyze program was run on a specific Icon, different information than expected would return.
kzt
QUOTE (Aaron @ Jul 11 2008, 08:48 PM) *
That's a nice quote, but it's a bit out of context. Try the first line of page seven, or the entirety of section 4. Maybe everything after that, too. I'm afraid it doesn't support your point at all, but it does go directly to my comment.

The entire point of the paper is defending Landauer's Principle, as first shown in "Irreversibility and heat generation in the computing process". The primary argument used against it is that entropy only applies to physical systems. Which is why the phrase he uses is "Thermodynamic irreversibility" with the paper showing that the general form of Landauer's Principle is true in a physical system, then applying it to a logical system. As noted it's pretty suggestive that you get the same answer using 'information-theoretic' entropy or phenomenological thermodynamics entropy.

It's possible that the second law of thermodynamics isn't actually true, and it's true that the relationship between information theory and thermodynamics isn't firmly established, but Landauer's Principle is a tool that is found useful in other areas of science and models our understanding of reality in a useful fashion, as does thermodynamics in general. For example "Landauer’s Principle and Black-Hole Entropy." Given this it's perfectly reasonable to use it as a tool to analyze cryptographic systems, which is why it is in fact in general use by people who work on cryptographic systems for a living.

You may be attempting to snidely claim that quantum computing will sidestep the heat dissipation issue, but that's also not true, as long as people don't choose encryption systems that can be easily attacked by QC. Logically it seems unlikely that corporations and governments will choose to use cryptosystems that they know can be trivially broken. Currently the commonly used symmetric systems are not easily attacked by QC, so I can't see any reason this will change.

It's all well and good to continually shout "wrong", but it's pretty pointless when you can't actually be bothered to produce any evidence other than your clear belief that you are omniscient.
kzt
QUOTE (BishopMcQ @ Jul 11 2008, 09:20 PM) *
My understanding of the thermodynamics generated around cryptography etc, is that we are working with silicon systems and traditional computer processors as we understand them today. How does that impact optical systems? Does an optical chip heat up by writing or removing data from it, since there are no moving parts?

There aren't any moving parts in an Intel processor either. Just moving electrons. That said, most of the heat in a modern CPU (the vast majority) is due to resistance, not Landauer's. I'm not sure if any Landauer heating can even be detected. An optic fiber used for data will heat up (slightly) due to the laser light being absorbed over several kms of glass. I have no idea how much an actual optical computer would heat up, as somewhere you need RF converted to light, which implies a laser or VCSEL. Plus the gates will absorb some photons. This article suggests that there isn't any evidence for an optical system being cooler running. I have no idea how accurate this is, but I know the power requirements of high speed optical interfaces are pretty big due to the lasers.

QUOTE
If reducing entropy increases heat, does increasing entropy reduce heat? I have some problems with visualizing how exactly organizing a bunch of 1s and 0s makes heat, but scrambling them should definitely not make the world a cooler place.

It never gets cooler. You can move the heat to somewhere else, but that creates more heat in the process, which you have to move too.
The joke version of the laws is:
First: You can't win. Second: You can't break even. Third: You can't quit the game.
Ryu
Not exactly new, but it shows why Landauer entropy is no issue: Bennett: Logical reversibility of computation
Cthulhudreams
QUOTE (Faelan @ Jul 6 2008, 11:46 AM) *
I think what Aaron is saying is that you essentially have these rock solid sites, which constantly double check each other, so unless you hack all of them simultaneously the information will revert to its proper format near instantaneously. My question to this then is how does this quorum of trust identify a legal transaction? Is a legal transaction essentially bursting the access code to twenty different servers and since it is good to go they all accept. Whereas with an illegal transaction I would have to hack those twenty servers simultaneously for the same effect. The security gets better as the number of secure servers I am transmitting to goes up. Of course you could still steal from someone if you manage to break their perfectly legal access code, but this would require what?


This skims over the biggest problem with it all - verisimilitude

Why is banking protected by security ninjas, but identity isn't? Especially when banking relies totally on identity and secure transaction for verification. I could simply get the ID of Bill Gates for what, 6k, wait for him to buy a coffee while monitoring him, then empty his bank account, because I have all the information he could present to his bank.


Wham bam thank you ma'am.

And any defense that works for money is equally applicable to identification. It is stupid.
Dumpshock Forums © 2001-2012