Kurukami
Dec 18 2003, 07:38 PM
When one uses Decrypt on the Matrix, usually it either works or it doesn't, and does so within a fraction of a second. Personally, I always saw that as kind of messed up -- you've got this presumably very solid cipher which always either gets cracked or doesn't in a snap?
I think the mechanics for decrypting encoded access or data should be different. It seems as though it would make more sense if it were more like the spirit-banishing rules. That is, you have the Scramble IC at a certain rating, and you have the Decrypt and the character's Computer/Decking rating.
With each action the character attempts to decrypt, he rolls his Computer against a TN equal to the Access TN minus the Decrypt rating, and the host contests it with its Security rating against a TN equal to the Decrypt utility's rating (or maybe the decker's DF). Each overall success the decker scores decreases the Scramble's virtual "rating" by one, and once the Scramble is reduced to zero the decker can freely access the resource that IC was protecting.
That would actually make it, well, challenging to crack an encryption, knowing that the host would be wondering where all those spare compute-cycles were going on the system. It would also make it worthwhile to pop a decrypt into a frame or agent and allow it to work on stuff while you're distracted or busy with other things in-system.
While the decker remained in the system, he would still possess the key to that particular resource -- but if he logged off and was gone for more than a certain time, it would get re-encrypted.
To me, that seems to better mimic how it takes a long time to crack a good encryption algorithm, unless you've got some kind of astonishingly good codebreaker. What do you think?
Cray74
Dec 18 2003, 07:52 PM
Well, I'll grant that taking time on a code might be realistic, but I prefer the quick-cracking method just for playability. Open up the paydata, appraise it, fence it, move on to the next run.
Kurukami
Dec 18 2003, 08:34 PM
Of course, I'm also of the opinion that you could snag an encrypted file from a host after getting past whatever guarded it... but that you wouldn't know just what it contained without decrypting it.
Backgammon
Dec 18 2003, 11:06 PM
I think it's a good idea. Of course we don't have any deckers, but in theory, it sounds pretty good.
gknoy
Dec 18 2003, 11:13 PM
QUOTE (Kurukami) |
Of course, I'm also of the opinion that you could snag an encrypted file from a host after getting past whatever guarded it... but that you wouldn't know just what it contained without decrypting it. |
I like that idea too.
Plus, it gives a reason to rent time on a mainframe (Hey, run this cracking process ...).
Or, maybe the repeatable nature (and already-processed-those-keys effect) of cracking encryption could be represented by saying that you need a certain number of successes (morethan 1) to decrypt it, and thta if you fail a decrypt test, some of your successes (half? all?) from the previous test get carried over to the next test.
Down side of that is, it contradicts the whole "you only need one success" thing; maybe you could give encryted things a status monitor that you could do staged "damage" to ... once the encryption is "dead", your resource is decrypted. That would also be better than "carrying over" successes, which is hard to justify...
the up side is, it's more time spent that the decker is trying to crack it - and thus a potentially higher security tally.
Saintgrimm
Dec 18 2003, 11:25 PM
Sorta off topic here, but have any of you Matrix lovers played Uplink: Hacker Elite?
It's a video game. Sorta fun. The Decrypt brought up memories of it.
Kurukami
Dec 18 2003, 11:39 PM
QUOTE (gknoy) |
Down side of that is, it contradicts the whole "you only need one success" thing; maybe you could give encryted things a status monitor that you could do staged "damage" to ... once the encryption is "dead", your resource is decrypted. That would also be better than "carrying over" successes, which is hard to justify...
the up side is, it's more time spent that the decker is trying to crack it - and thus a potentially higher security tally. |
One alternative is that you could make decrypting a file like cracking an electronic lock or picking a lock -- that is, it takes a certain base amount of time with 1 success and the more successes you get, the shorter time it takes. Of course, with encryption improving the way it is, that task time might be quite a while in the speeded-up time of the Matrix...
Link
Dec 19 2003, 05:56 AM
What about treating the Decrypt (is that the name of the system operation?) operation as an interrogation/monitored operation. The decker need not give it his undivided attention, but still needs to achieve a number of success (nominally 5). It reflects what you're trying to achieve... roughly.
Kurukami
Dec 19 2003, 04:08 PM
That makes some sense. Perhaps set the number of successes needed at half the rating of the Scramble IC? Thus, a hard code on a relatively unsecure host, where you could take lots of processing cycles without raising too many eyebrows, would be relatively easy to break, while the same code on a "skewer-you-if-you-blink-wrong" host would be nearly impossible.
Shadowics
Dec 21 2003, 05:43 AM
To some extent it makes sense that some decryption could be done in a very short amount of time.
First off, while processors will like improve by leaps and bounds, it's doubtful that encryption algorithms will grow in such a fashion. Fifty years from now the standard in encryptions could be simply a scaled-up version of the current RSA encryption.
Secondly, in order to be any good to the corp whose system you're trying to get, their computers have to be able to make use of it. Even knowing the passkey strong encryption takes time to decrypt. In order for your average corp terminal, which will presumably be much slower than a decker and deck, to use the encrypted resource in anything near a realtime capacity, the encryption will have to be rather weak.
Third, long term data storage, particularly sensative data than isn't accessed often probably would be encrypted much harder. A baseline for strong encryption is already in the rule book :
QUOTE (SR3 p.292) |
The base time for decrypting data is (Encryption Rating x 10) minutes. |
Kagetenshi
Dec 21 2003, 06:04 AM
QUOTE (Saintgrimm) |
Sorta off topic here, but have any of you Matrix lovers played Uplink: Hacker Elite?
It's a video game. Sorta fun. The Decrypt brought up memories of it. |
*Gives SaintGrimm some Revelation*
~J
Kurukami
Dec 22 2003, 08:31 PM
QUOTE (Shadowics) |
A baseline for strong encryption is already in the rule book : QUOTE (SR3 p.292) | The base time for decrypting data is (Encryption Rating x 10) minutes. |
|
Interesting. So we know that applies to the decryption of intercepted radio transmissions... does it in any way apply to the Matrix stuff? If so... wow, decrypting to get access to a host could take a bloody long time. Would Scramble-IC directly correspond with Encryption rating?
nezumi
Dec 22 2003, 09:41 PM
If you want to be REALISTIC (which may or may not be interesting to you), encrypting access to a host SHOULD take a long time (although probably on the order of hours to decades, depending on the algorithm). That, or you have a 'work around'. It's the same IRL. EITHER you spend the time to break the code they're using, which is very time consuming, or they neglected to harden the entire host and you can exploit a flaw in their security, which just depends on finding the flaw. But I suppose if a connection a host is encrypted, it's more fun in it's own way to be working on it for a bit, then be able to reap the fruits of your labor. It's what makes decking all worth while.
Backgammon
Dec 23 2003, 12:58 AM
QUOTE |
The software that peforms the data encryption is a variant of Scramble IC. Such encryption may be decrypted by a decker using the Decrypt utility or by someone with a data codebreaker system (which contains a umb program frame of the decrypt utility. SR p.292 |
Well, looks a lot like what could happen in the matrix. I mean, it uses the same damn programs, so it'd be very logical to say the same time frame (Rating * 10 minutes) should apply within the matrix.
kenji
Dec 23 2003, 11:55 AM
QUOTE (Kurukami) |
That makes some sense. Perhaps set the number of successes needed at half the rating of the Scramble IC? Thus, a hard code on a relatively unsecure host, where you could take lots of processing cycles without raising too many eyebrows, would be relatively easy to break, while the same code on a "skewer-you-if-you-blink-wrong" host would be nearly impossible. |
why run a cryptanalysis process remotely?
if the encrypted form of the data can be accessed, bring it home and spend your own cycles on it. unless you've taken something very very hard to crack, and you desperately need Big Metal size processing power. but then, that's a different run.
but this is all biased by my 20th century technological awareness.
and i've always wondered, can one packetsniff in the SR Matrix? i mean, the data's got to get from A to B somehow, why not watch it go by?
Kurukami
Dec 23 2003, 04:19 PM
Well, certain things (like getting into the host in question) really have to be done there. I see it as kind of like the "little black box" McGuffin in Sneakers... some mathematical wizardry that somehow manages to sidestep most of the decryption difficulties.
As for packetsniffing... in the Matrix rulebook, there's a utility called "Sniffer" which can be used for a system operation called "Intercept Data", allowing you to search the details of various messages passing through a particular host. Would that match your definition?
gknoy
Dec 26 2003, 07:46 AM
posting knee-jerk reaction to this, without reading rest of thread ... apologies aheadof time if someone already covered this.
QUOTE (Shadowics) |
First off, while processors will like improve by leaps and bounds, it's doubtful that encryption algorithms will grow in such a fashion. |
Remember, deckers are making UNAUTHORIZED access -- they will have to CRACK the encryption. This means brute-forcing it, as any encryption method worth using by anyone older than twelve (not counting otaku
) will be resistant to everything else. (No back doors or analytical weaknesses here -- or, FEW. Corporations would pay TOP dollar and hire TOP encryption research talent - much like the NSA does today.)
It's exponentially easier to make the encryption algorithm harder to crack -- fasterthan Moore's law, since every year or so we can add not one, but SEVERAL orders of magnitude. Note that many modern schemes, with a long enough key, would be uncrackable before the heat death of the universe -- and that's accounting for Moore's law.
QUOTE (Shadowics) |
Secondly, in order to be any good to the corp whose system you're trying to get, their computers have to be able to make use of it. Even knowing the passkey strong encryption takes time to decrypt. In order for your average corp terminal ... to use the encrypted resource in anything near a realtime capacity, the encryption will have to be rather weak. |
WRONG.
Authorized access to encrypted data would mean that the user has the key -- and USING a key is a simple process. It takes a little number crunching, but it's not by any means absurdly slow. Heck -- look at SSH (Secure SHell): Encrypted tunnels of information (replacement for telnet). I can copy files with it easily from one computer to another -- with some processing overhead, of course -- and it's virtually unbreakable. Or, unbreakable in any reasonable amount of time (say, less than ten thousand years?).
Remember, deckers that are breaking in will not havethe keys, and need to break their way in. Picture the difference between someone that has a key to my house, versus the hood who has no lockpicks but must instead has a 55 gallon drum full of all the possible keys that might fit my front door.
Now imagine that my door key, instead of having seven or nine pins, has over a thousand. That drum full of possible keys, rather than being the size ofa trash can, is now probably about the size of an ocean. It takes finite time to try each key, and there are a whole lot of keys. And if I simply add a few more pins (think: bits to an encryption anglorithm), I have quadrupled (or more) the key-space. Hence, even longer to crack.
Hence, decryption in SR is completely Unlike Anything In Real Life.
I do like that monitored test idea, where it takes some preset amount of processing power and time to bust it open.
And, off topic -- I loved Uplink. sadly, I put it away after about a week of playing it because I had other stuff to do ... and I had just bought KOTOR.
I have yet to have picked it back up ...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please
click here.