Granted, there are nigh infinite solutions, but one is correct. Basically tech or algorithms would need to exist to be able to determine the most likely set of solutions. Right now it's completely impossible. With bigger brains than any of us working on it, what's to say we don't figure out a way? "Because 112 has 5 electrons less this time, A must = 995,426.2."
Yes, I'm pulling crap out of my ass. That's because I already agreed that with our current understanding and capabilities, you're right, it's impossible.

How is that functionally different than dividing by zero?

It's not uncommon for people to implement crappy encryption systems that are based on theoretically secure approaches and for them to then think are secure. It's not unknown for people who are really damn concerned about security to screw up systems that should be secure. Like how the NKGB allowed US intel to decrypt messages that were encrypted by a OTP.

The requirement that you need to security (physically) distribute the OTPs, the issue with synch and the huge size of the keys makes the whole process at best cumbersome and failure-prone, even when everyone does things perfectly.

No, there is no one correct solutions, because several different people could be using several different codes to send any number of messages that just happen to come out as the same number.

Saying that a one time pad can be broken is basically the same as saying that you can do 'math' to figure out what 'Plan one' is. Because me telling you, "Implement Plan 1" is a rather simplistic sample of a one time pad. Plan one could be any number of things, and claiming that you can generate the specifics of my plan one because you know know that I have a plan one is just silly.

Matter is weird. Its like no matter how small you cut each piece is still made up of smaller pieces. Currently quarks is as small as we can go, which might be the end. But there is still matter smaller than a quark, ie. a neutrino.

If you have only C, these two messages are the same

The meeting is still on at 4:30, but we're going to run a sting operation for some Ares snoops

The meeting is still on for 4:30, and we don't expect issues with the security of the operation.

Both are viable solutions that are indistinguishable from each other from a crypto perspective.

No it doesn't. I don't fucking care how much encryption a system has, once I'm effectively the OS I own everything on it, including the users crypto keys.

Unless you think that people carry around a little book with thousands of pages so they have to manually enter the key for the thousands of files they use every day? No, the way actual encrypted file systems work is that the OS does all the encryption and decryption of the files. Otherwise they would be unbearably painful to use, and people wouldn't use them.

And having all sorts of cool encryption on a system does squat to protect the OS. We fight this battle every few months when some jr executive finds some Infoworld article and decides we should waste a huge pile of money on server encryption instead of things that actually improve security. The only time unbreakable crypto has a serious effect is if you intend to steal a backup tape or actually steal the mainframe out of the data center.

At worst your hacker has go along with the other PCs to play FBI Black Bag team instead of sitting in his mothers basement.

That doesn't even make sense.
The whole point of a OTP is that I can write the message on a piece of paper. I can write the same message using the same OTP 10 times, the variance in the script of my hand doesn't give you any insight into what the message is.



No. There are exactly infinity* solutions. Not "neigh infinite" as neigh infinite implies a finite, but arbitrarily large, number.

Also, there isn't one correct solution. My solution isn't the only correct one. You're trying to imply that "Guess a number between 1 and 10" is always 3, no matter who asks and what number they're thinking of. There could be three people who come up to you and ask you to guess a number between 1 and 10 that they've agreed upon, where in fact they've agreed on three numbers and which one is right depends on who you're looking at when you answer. Or possibly that you have to guess all three numbers at the same time. Or that the number changes once a second in a pre-determined order.

*By infinity, I am referring to not Aleph Null but to Aleph 1.

Until they lose a bit. You can't easily and securely resynch a OTP.

Well, there is, you can divide the pad into segments and provide a serial number with it indicating which pad segement has been used.

Fine, encrypt the internet traffic to and from the computer. The computer itself is a featureless box that has 1 cable port: electricity.

Hack that.

You can't. The unbreakable encryption is on the data it sends out (and likewise on the data it takes in). Without having the key, you can't make a connection to the box in order to be "on" the system.

That's because the game background assumes that as a given. You can't disconnect your system from the matrix to protect it against threats, as the background shows that this doesn't work. It also shows that people can't actually backup critical systems or that hackers can mystically corrupt backups.

These are, in my opinion, remarkably stupid aspects of the background, but Frank was explicitly not trying to break the background.

Extremely, saying that something that is extremely close is solveable , by making an approximation is correct but it is still NOT being divided by zero, just something sufficiently close.

Encryption is one of the purest applications of mathematics to real world problems. The proof for OTP is well defined, structured and given even non-mathematical intuitive thought makes perfect sense.

Though I'm merely repeating what others have said here. perhaps this extension will help.

Given a OTP'ed message. I can construct a perfectly valid OTP key that can decode, given exactly the same decryption algorithm that was to be used on the original message, into whatever message you want of the same length. Anything.

And there is no way you can prove that my OTP key is the incorrect one. Not without knowing the real key.

The weakness I see with our current algorithms is whether quantum computing entered mainstream usage. This could result it some radical reductions in time of contemporary encryption algorithms.

That is multiple OTPs and requires a reset as it is a clear text transmission. You can't encrypt it using the OTP because if you need to send the message the OTP is broken, you are trying to negotiate which OTP to use. I'm pretty sure it offers some interesting MIM attack options too.

Not enough. It halves the key length. So a 1024 bit key becomes a 512 bit key, and it still requires until after the earth is swallowed by the sun to break.

Does that scale as you add qbits? Or is it something more fundamental?

It's functionally just as secure. Just because the interceptor knows the index of your OTP doesn't compromise it, because the OTP will be unique from user to user.

Hell, even if you have two messages that use the same OTP key it's still remarkably difficult to extract the plaintext, as what you have is:

A + K = B
C + K = D

B - D = (A+K)-(C+K)

B - D = A - C

A-C is one plaintext character (unknown) subtracted from another plain text character (also unknown).

It's an easier puzzle to solve, but a non-trivial one.

And who keys the entire internet for you?


A device that only takes in power and doesn't have any input or output ports isn't a computer, it's an expensive electric heater.

You're not keying the entire internet. The box in question is the server for a AAA corp. The only people who need keys are the people who have access to it. That is, 10 or 12 people, depending on what that box is.



Cough. Internal wireless card. Cough. Unsubtle hint. Cough, cough.

What?

It's fairly typical behaviour, lots of OTPs do that. Typically they'll have a message format in which the first X digits are the serial number of the block to use with this message.

It does open up MITM attacks, but all they can do is disrupt your message by changing the serial number.. they could do that anyway by just xoring the rest of the message with garbage so yeah.

I'm told that that is fundamental to how symmetric cryptographic systems work. Public key systems are different, but supposedly there are some that are effectively immune to quantum attacks.

Or so the sources I use say, as nobody has ever created anything past an itsy bitsy toy "proof of concept" quantum computer so there are still significant disputes and I'm not a mathematician or a cryptographer, much less a quantum cryptographer.

Typical? Lots? Can you name 4 different OTP systems that are in real, practical day to day use?

Extracting the plaintext for a re-used OTP is comparatively simple, and is one of the common (human) failures in OTP based systems.

To OP:
Unwired had a bunch of relevant stuff... including changing the interval of the extended test used to decrypt based on your own re-encryption cycle. Which doesn't make it unbreakable, but it does do a lot to make the supposedly worthless Ewar skill actually worth something (as well as the relevant cyber and powers to boost the dice pool for logical/numeric analysis).

Franks Garbage:
It's pretty much all worthless... going even beyond turning stuff on... please remember Franks heavy arguments for brain hacking as well.

OTPs:
And what happens when the drone is jammed and doesn't get the message? You retransmit it again, using another portion of the OTP? How do you keep the OTP's synched together... these are all very real problems.

You can't assume that your messages magically align.

Quite frankly, it's a game, it isn't worth trying to engineer the details. And absolutely unbreakable encryption isn't all that much fun as evidenced by 'plot encryption'.

If I have physical access to the machine I own it. End of Story.

If I have to access the other computer to get the info I need from my target computer then I'll do it. NOTHING is completely secure. There is always a flaw in any security system.

Lincoln said it best: "Three people can keep a secret only if two of them are dead."

Everyone who sends traffic to the box needs to either have keys or have something transparently do the encryption for them. If there is a box that transparently encrypts and decrypts all traffic to the box that is exactly the same as there NOT being a box and the system NOT using encryption.

If it connects to every host you might as well not encrypt it. If it only talks to a few hosts you simply have to start by compromising one of them. It's exactly the same case as if you used a network access control list, the crypto again doesn't matter. Onion peeling is annoying, but well understood.


Um, so it has a network link... Your point is?

That quote is usually attributed to Franklin, not Lincoln.

Have we had the discussion about what encyrption actually protects you from, already? The stuff with the OTP encrypted server implies that we didn't.

Agreed.

But how are you going to get physical access to the machine that controls the door locks to the room that it's in?



[/simplified physical security]

Pose me an impossible question why don't you. Current asymetric key encryption is for all practical purposes unbreakable. Thus no-one bothers to use OTPs because it is a huge pain the arse for negligible gain. You do correctly observe that no-one uses OTP today, but I think we all agree with that.

In the future we are discussing, asymetric key encryption is fundamentally made of fail, so given that people will look for alternatives.

As for the specific feature, a number of french, german, multiple british and american cypher systems in the 1900s all used that simple method to make it clear what cipher was being used, because of exactly the problem you outline. British OTP pads used for communicating via audio with agents had a specific design feature using a similar method to enable resyncing, as well as prevent accidental re-use of segments.

The same error correction techniques used to confirm that regular packets are being received as sent are also used to packets containing encrypted data.

So, for example, if we are having an encrypted conversation over a digital phone, what is really being sent is generic data packets that contain bits of our phone conversation. Our bandwidth is just good enough, and our computers are fast enough, and our meat bodies are slow enough that we don't notice the slight delay of our voices being broken down into packets and then stuck back together.

I have a bunch of one time pads that are big enough to do one packet each. Each pad has a serial number. when our voice conversation is broken down into packets, the packets are XOR'd with the next one time pad (slightly less data than a normal packet, have to make room for the pad's serial number) and then sent to you. Your computer reads the pads serial number, applies your copy of that pad, and then re-integrates the (decrypted) voice packets.

Just two things about OTP:

1. No they can't be hacked EXCEPT if you reverse-engineer them. Let A be a 100 characters sequence to encrypt (the plaintext) and B a random 100 characters sequence (the key).
Your encrypted text will be C=A+B. There is theoretically no way to get C if you don't know A or B. You obviously don't know A or you wouldn't be trying to decrypt C and you don't know B because if you had the key, you wouldn't be trying to decrypt C the hard way. Knowing part of A or part of B won't help finding the other parts.
But there is one thing you can do: B has been generated somehow. Probably by a computer. And the problem with computers is that they are deterministic so their random isn't exactly random. For example, some systems use the current date (down to milliseconds or even lower) as a "seed" to compute the random number. In that case, if you know that the message was encrypted by a Hermes Ikon running Novatech Navi 2.31 at 13:20 the 21st of October 2070, you might be able to try to generate all the keys such a commlink would have computed at that time and see if one of them gives a correct plaintext.
It's not easy, it'll probably be a lot different in 2070, but the idea is still valid: even OTP can be decrypted if the random generator is pseudo-random.

2. OTP are good on paper, but they aren't practical to use. You have to store the pads somewhere, you have to share them through a secure medium and as soon as there's a synchronisation problem, you have to discard the entire pad. Here is a simple way to disrupt the communication of two people using OTP:
1. Alice uses a OTP to send data to Bob
2. Eve jams the signal, or impersonate Bob or randomly edit the data so that Alice and Bob will have to use a new pad.
3. Go back to 1
Eve just have to keep desynchronizing them until they run out of OTP. Then they either reuse OTP (which makes them insecure) or can't communicate.

'Proper' OTP are generated by things like radioactive decay or atmospheric noise, as close to actually random as you can get. No luck there.

You can keep trying to send the 'original' OTP message when jammed. It doesn't magically become insecure when you try to send it through the innertubes again.

There is no reason to assume you can do that with OTP, 2070 or not. If you tried to encrypt a 1Gb/s connection, you would need 1 Gb pads per second. How big is the hard drive that stores your pads? 1 To? It will be burnt in less than 3 hours. The amount of bits transmitted through the network is already much higher than the amount of bits stored, even more if you consider retransmission and routing.

Now, let us move on to 2070. Storage is infinite? No more than connection rate. There is no explicit ratio between them in the book. In an ubiquitous computing setting, this fight should turn in favor of the debit. The whole point of the matrix is that the world is your hard drive: everything is online and accessible in a glimpse so why even bother to keep a local copy? This has already started today with streaming slowly replacing downloading. R&D only follows technological needs, especially in an all-corporate world, so the most likely outcome is that communication technology has advanced faster than the storage one. Hence stored OTP should not be usable to encrypt a high rate connection (which should include any real-time control application such as security network or drone piloting). Back to generating the pads on the fly and transmitting them to have as many pads as you want, thus ending the "unbreakable" myth.

So what if one stops considering OTP as a magic button and wanders about practical use?

- Network encryption? As I already said, if you allow that, then your matrix is made of 100 Gb hard drives and 56k modems. This is not the idea.

- Data encryption? This is possible, but not game breaking, and included in the rules. The pad has to be stored too or the data is lost, and it is the same size as the data. If you can steal the encrypted data, you can steal the pad. Say it otherwise: if the pad can be protected from theft, the data could have been too. Still this is a nice security feature as it effectively doubles (or more, if several pads are used) the work for runners to get the data. This is exactly what Dramatic Encryption stands for.

- Low rate communication? One can assume that current audiovisual communication will be considered low rate in 2070. So OK, let's assume somebody who wants it can have a wireless conversation totally invulnerable to eavesdropping. That does not protect it from jamming nor from hacking the nodes to get the pads, though. Here it is a pity that there is no price for such a communication channel, as runners might want to use it. Randomness should be a real market in 2070, with corps selling you random numbers straight from their cutting edge hardware generators, and probably several quality levels. Are you OK to get the same number as other users? To have your number be part of the public generator output that is provided so that anyone can challenge the generator quality? And so on...

Sure some things we learn never change. Some things we we thought were one thing we find out we are wrong about. For a Science Fiction future I wont change 2+2 but changing what is possible to hack I sure as heck would change.

Has anyone proved that someone can't get sufficiently close to decrypting OTPs?

Because while its true that your not dividing by zero in calculus, you can use calculus to get results that are the results that you would have gotten if you could divide by zero.

Saying that decrypting OTPs is proven to be impossible might be true. Just like it might be true that dividing by zero is impossible by definition. Then along comes some guy that goes "well, lets just divide by a number that is infinitely close to zero and get estimations with perfect precision". How does anyone KNOW that there isn't some aspect of the math involved in a OTP that can't be 'hacked' by someone playing games with math?

Maybe in 2070 you can't break a OTP because that is impossible, but some clever guy has come up with a means of estimating what the message is with perfect precision because they hacked some aspect of the math with funny business that is analogous to using 'infinitely close to zero' instead of zero.

Yes, there are informational proofs for OTP possessing the property of complete secrecy.

That is true. It's one of the few cryptographic system for which this exists.

I appreciate the fire inside each of you fighting for what you believe should be for Shadowrun.
This is not something were either side is going to convince the other. While some are interested in the science, others revel in fantasy.

Proof doesn't apply to fantasy and fantasy doesn't accept proof.

I'll keep playing my Fantasy Shadowrun and wish you the best with our Science Shadowrun.

BlueMax

OTP are mathematically impossible to hack. 2 + 2 = 4. 4 cannot be broken down in to the original problem without knowing the original problem, because 1+3 also equals 4.

Look at this backwards, Both you and I have the same random list containing everything you'd ever want to say. And this is only time we'll ever use this list. Once you my message you through away the list.

I call out 23, you look at your list and see that means "Lets go for pizza." Then we both destroy the list.

Provided the lists are safe and completely random then there is no angle of attack. There can't be. There isn't a sufficiently close answer. That 23 could mean anything.

Decryption works because the key is less long then the data your sending. You can mathematically attack the pattern to find a weakness. In a worst case you can brute force through the key and look for decryptions that make sense, because a large section of the key space will produce garbage.



No, no and no. Not perfect precision. Acceptable precision. OTP doesn't have a sufficient solution. Your literally sending every possible message of that length. There is no way to shorten that. 1/2 of infinity is still infinity.

According to the Above, we are in agreement...