Help - Search - Members - Calendar
Full Version: Unbreakable Encryption
Dumpshock Forums > Discussion > Shadowrun
Pages: 1, 2, 3, 4
kjones
The encryption that we use today is called asymmetric key encryption - basically, this means that if Alice and Bob want to speak securely, they don't need to meet up beforehand to exchange a password. This is good, because it lets you give Amazon.com your credit card number without having to work out some way to exchange a password that isn't itself insecure.

Modern asymmetric key encryption takes advantage of the mathematical principle that it is easier to multiply two prime numbers together than it is to factor a number into its prime components - if somebody were to come up with a way to factor products of large primes quickly, this would obliterate modern encryption as we know it. Presumably, this is what happened in Shadowrun.

However, asymmetric key encryption is not the only kind of encryption in the real world. Symmetric key encryption, if properly implemented, is mathematically perfect. Consider the following encryption algorithm - I have a string of characters, "dumpshock". I come up with perfectly random string of characters (there are ways to do this, but the one that I'm going to use, mashing on my keyboard, is not one of them) - "avzliwamf". I then take each character's numerical value (a = 1, etc.) from the plaintext ("dumpshock") and add it to the key ("avzliwamf"), and if the result is greater than 26, I subtract 26.

In cryptography parlance,
Plaintext: dumpshock
Key: avzliwamf
Ciphertext: dumpshock + avzliwam = eplxadppp

This cipher is unbreakable because while I could try guessing different keys and seeing if I get "dumpshock" back, I would only know that's the correct answer if I knew it going in - "eplxadppp" could also mean "kjonesroxx" or "iluvdandd" or anything, and there's no way of knowing. (Assuming that the key generated was perfectly random.)

Now, the obvious problem with this method is that if Alice wants to send Bob a message encrypted with this algorithm (known as a "one-time pad"), Alice must first work out a way to send Bob the key. This is why we don't use one-time pads in the real world - key exchange is too much of a hassle.

But, say you're a shadowrunner, and you have a very real and immediate need for secure exchange of data among your teammates. Since data storage in the 6th world is "enough", there's nothing stopping you from generating a couple billion megapulses of randomly generated keys and passing them among your team the next time you all meet up at the Stuffer Shack. It would not be hard to encrypt all data passed among your teammates during a run (or whenever) using these one-time pads. If you run out, knock off a couple billion more.

The irony here is that the greatest insecurity in this system is that a hacker can still waltz in, hack anyone's comm, and grab the keys, but there are ways to defend against this - firewalls, data bombs, and I seem to recall an option in Unwired that helps prevent files from being moved around. But there is no way to break this encryption by simply intercepting wireless signals. This helps solve, for example, the insecurity of tacnets.

Thoughts? Suggestions? Reasons why I'm wrong?
Ancient History
If your key is as long as your plaintext message, then by definition it's a one-time pad, which is unbreakable. I actually mentioned that in the FAQ. The problem is generating the one-time pads and communicating them without being intercepted. That's why modern (but breakable) cryptography uses pseudo-random number generation for the keys, among other things.
Starmage21
QUOTE (kjones @ Apr 19 2010, 09:37 AM) *
The encryption that we use today is called asymmetric key encryption - basically, this means that if Alice and Bob want to speak securely, they don't need to meet up beforehand to exchange a password. This is good, because it lets you give Amazon.com your credit card number without having to work out some way to exchange a password that isn't itself insecure.

Modern asymmetric key encryption takes advantage of the mathematical principle that it is easier to multiply two prime numbers together than it is to factor a number into its prime components - if somebody were to come up with a way to factor products of large primes quickly, this would obliterate modern encryption as we know it. Presumably, this is what happened in Shadowrun.

However, asymmetric key encryption is not the only kind of encryption in the real world. Symmetric key encryption, if properly implemented, is mathematically perfect. Consider the following encryption algorithm - I have a string of characters, "dumpshock". I come up with perfectly random string of characters (there are ways to do this, but the one that I'm going to use, mashing on my keyboard, is not one of them) - "avzliwamf". I then take each character's numerical value (a = 1, etc.) from the plaintext ("dumpshock") and add it to the key ("avzliwamf"), and if the result is greater than 26, I subtract 26.

In cryptography parlance,
Plaintext: dumpshock
Key: avzliwamf
Ciphertext: dumpshock + avzliwam = eplxadppp

This cipher is unbreakable because while I could try guessing different keys and seeing if I get "dumpshock" back, I would only know that's the correct answer if I knew it going in - "eplxadppp" could also mean "kjonesroxx" or "iluvdandd" or anything, and there's no way of knowing. (Assuming that the key generated was perfectly random.)

Now, the obvious problem with this method is that if Alice wants to send Bob a message encrypted with this algorithm (known as a "one-time pad"), Alice must first work out a way to send Bob the key. This is why we don't use one-time pads in the real world - key exchange is too much of a hassle.

But, say you're a shadowrunner, and you have a very real and immediate need for secure exchange of data among your teammates. Since data storage in the 6th world is "enough", there's nothing stopping you from generating a couple billion megapulses of randomly generated keys and passing them among your team the next time you all meet up at the Stuffer Shack. It would not be hard to encrypt all data passed among your teammates during a run (or whenever) using these one-time pads. If you run out, knock off a couple billion more.

The irony here is that the greatest insecurity in this system is that a hacker can still waltz in, hack anyone's comm, and grab the keys, but there are ways to defend against this - firewalls, data bombs, and I seem to recall an option in Unwired that helps prevent files from being moved around. But there is no way to break this encryption by simply intercepting wireless signals. This helps solve, for example, the insecurity of tacnets.

Thoughts? Suggestions? Reasons why I'm wrong?


unbreakable encryption exists, as explained in Unwired, and it's basically a GM Fiat that says "no, you cant hack this".

Without breakable encryption, Hackers, who have been a major staple of the game since it's inception, become useless.

So the fluff explaination for that is decryption algorithms and computers are so awesome that no amount of encryption is safe.
Synner667
QUOTE (Starmage21 @ Apr 19 2010, 01:43 PM) *
unbreakable encryption exists, as explained in Unwired, and it's basically a GM Fiat that says "no, you cant hack this".

Without breakable encryption, Hackers, who have been a major staple of the game since it's inception, become useless.

So the fluff explaination for that is decryption algorithms and computers are so awesome that no amount of encryption is safe.

That sums it up, really.
Supposed realism, that completely goes out the window in the name of the game.
Obviously, too much to expect that players actually have to work.
Bira
Actually it just forces you to get a little more creative in obtaining those cryptographic keys, which can be a good thing depending on what tone you want for your campaigns.

The reason Shadowrun's default encryption is so weak is that SR is not trying to emulate reality. It's emulating Hollywood action movies. In action movies, hackers can always break any encryption within seconds by tapping on a keyboard for a bit. The thinking here is that realistic encryption, and the ins and outs of getting around it, are not as exciting as the shootouts, martial arts fights, car chases, and tense sneaking scenes. Therefore, encryption is set up as a minor obstacle that can be overcome in the same time frame as the exciting scenes, and is meant to be used as an additional complication.

Realistic "strong" encryption, which, even when not unbreakable, would take many years to break through brute force, works best for more "cerebral" games, where the group is indeed interested in the longer, more involved process for getting around them. Cracking an encrypted file, or tapping into a secure connection, can then become the main goal of the adventure, rather than a secondary obstacle.
DireRadiant
If we get realistic encryption, can I have realistic dragons, elves, magic and guns too?
Eratosthenes
A little imagination could see how a world that has cars that can drive themselves (better than many humans, even), could come up with fuzzy logic algorithms that break standard encryption routines.

There are two (that I can think of) problems with decryption:

1) Identifying the method of encryption
2) Breaking the cipher

For one, perhaps mathematics has discovered particular encryption methods leaves tell-tale signatures on the pattern or distribution of bits, bytes, or characters. With a method to determine the type of encryption used, you can get down to pattern matching, reverse engineering, or raw plug-n-chug analysis.

And one-time pad's aren't fool proof (you can always build a better fool!), especially if the method for randomly generating the one-time pads can be determined. Say two devices regularly exchange a nearly identical encrypted "handshake", with but the time-date stamp changing. This creates a HUGE hole in the strength of the encryption, as two messages can be directly compared. Enigma is a good example: a lot of the work breaking Enigma was thanks to encoded weather reports sent out by the Luftwaffe.

As for the game, it does provide for strong encryption, and unbreakable encryption. Personally, I'm thinking of using a house rule that the extended test for Decrypt is (Encrypt Rating ^ 2, complex action) for standard encryption with glitches causing the decrypt to have to start over and critical glitches meaning it was unbreakable for that Decrypt program. It would make Encrypt 6 take a *lot* longer to break, while Encrypt 3-4 is still manageable.
D2F
QUOTE (DireRadiant @ Apr 19 2010, 02:05 PM) *
If we get realistic encryption, can I have realistic dragons, elves, magic and guns too?

I'd be up for that =)
Draco18s
QUOTE (Ancient History @ Apr 19 2010, 08:42 AM) *
If your key is as long as your plaintext message, then by definition it's a one-time pad, which is unbreakable. I actually mentioned that in the FAQ. The problem is generating the one-time pads and communicating them without being intercepted. That's why modern (but breakable) cryptography uses pseudo-random number generation for the keys, among other things.


Pseudorandom is generally strong enough even in a ShadowRun hacking sense, as there are a multitude of random number algorithms (some more random than others), but predicting them--even in a ShadowRun hacking sense--is going to be extremely difficult as you need to know three (possibly four) things:

What the algorithm is.
What the seed was.
How much of the sequence has already been generated.
(Possibly) How often the seed is reseeded.

The only thing that makes it easier is if the algorithm is shitty:

Say, this formula I was once given (for (supposedly) generating a number from 6 to 36 with more outside results than interiors):

y = (root(60 * random) root(15))^2 + 21; //where random is a call to Flash's RNG.
Its output:
http://i42.tinypic.com/1zc4dx.png

Two other "better than Flash's RNG" formulas and distribution graphs:

var str = "0."+((Math.random()*(new Date().getTime())/Math.pow(Math.random(), Math.sin(Math.random() +
Math.cos(Math.random()*Math.PI)))));
str = str.replace(/[.-]/g,"");
http://i41.tinypic.com/106yb0x.png

and

"0."+((Math.random()*(new Date().getTime())+Math.pow(Math.random()*(new Date().getHours())+1, Math.sin(Math.random() +
Math.cos(Math.random()*Math.PI))))).toString().replace(/[.-]/g,"").substring(3,53);
http://i43.tinypic.com/24wzor9.png

However, utilizing that data requires knowing something about the RNG, which you can only get from a string of crypotext by analyzing its character makeup and comparing to the makeup of average English text. Byt th4t'z EZly D-featable.

Famous case: Kryptos. The fourth part has been unsolved for almost 20 years and it sits in the CIA's courtyard. It took eight years to solve the first three sections, the creator thought it would take 8 months and expected that the final section would take a few years. Due to how long its taken there is one other person who has the solution, in case the creator dies first so any future solution can be checked (though he doesn't know the solution off the top of his head any more anyway).
Brazilian_Shinobi
Of course, Shadowrun gives the impression that P=NP and someone reliably proved this, making possible black boxes capable of actual non-deterministic computation. This would be a lot of pain for the scientists of today to create a new way of making data secure. Of course, this would be boring and SR adopted the network/dungeon approach, where there are "beasts" defending the "dungeon".
Draco18s
QUOTE (Brazilian_Shinobi @ Apr 19 2010, 11:09 AM) *
Of course, Shadowrun gives the impression that P=NP and someone reliably proved this, making possible black boxes capable of actual non-deterministic computation. This would be a lot of pain for the scientists of today to create a new way of making data secure. Of course, this would be boring and SR adopted the network/dungeon approach, where there are "beasts" defending the "dungeon".


Right. SR wants beasts defending the dungeon, but at the same time, do away with the dungeon (see: everything is wireless, even your underwear). Means that at most paydata is 2 hops away from "you" and its trivial to avoid the beasts.

Example: hacking cyberware. Cyberware can't run IC, yet can be hacked, by RAW, wirelessly, from a distance, without going through the user's PAN (which can run IC...if their comlink isn't the el cheapo 1/1).
Tymeaus Jalynsfein
QUOTE (Bira @ Apr 19 2010, 07:56 AM) *
Actually it just forces you to get a little more creative in obtaining those cryptographic keys, which can be a good thing depending on what tone you want for your campaigns.

The reason Shadowrun's default encryption is so weak is that SR is not trying to emulate reality. It's emulating Hollywood action movies. In action movies, hackers can always break any encryption within seconds by tapping on a keyboard for a bit. The thinking here is that realistic encryption, and the ins and outs of getting around it, are not as exciting as the shootouts, martial arts fights, car chases, and tense sneaking scenes. Therefore, encryption is set up as a minor obstacle that can be overcome in the same time frame as the exciting scenes, and is meant to be used as an additional complication.

Realistic "strong" encryption, which, even when not unbreakable, would take many years to break through brute force, works best for more "cerebral" games, where the group is indeed interested in the longer, more involved process for getting around them. Cracking an encrypted file, or tapping into a secure connection, can then become the main goal of the adventure, rather than a secondary obstacle.



We use a combination of these solutions...

Breakable Encryption on most systems (Standard Rules)...
"Strong Encryption" for those systems that need more finesse than Brute strength (Optional)...

Both work out pretty well, depending upin which system you are trying to hack... sometimes we know going in which we are going to use, and sometimes we do not,... I thas wroked very well for us...

Keep the Faith
Tymeaus Jalynsfein
QUOTE (Draco18s @ Apr 19 2010, 10:19 AM) *
Right. SR wants beasts defending the dungeon, but at the same time, do away with the dungeon (see: everything is wireless, even your underwear). Means that at most paydata is 2 hops away from "you" and its trivial to avoid the beasts.

Example: hacking cyberware. Cyberware can't run IC, yet can be hacked, by RAW, wirelessly, from a distance, without going through the user's PAN (which can run IC...if their comlink isn't the el cheapo 1/1).


Just 2 Hops? Really? I do not see that myself...

Cyberware can't run IC? Really? it is a peripheral node that can be clusterd, so I would say that it CAN run IC if configured properly (and since it can contain a DataBomb on its access node (assumming that it is wireless), I do not see why it could not contain something else)... and as for the Hacking of the "ware, If you disable all of the Wireless (Doable by RAW) then you cannot hack it at all... and if you never integrated the 'ware into your PAN, then you cannot get to it that way either... so I am not sure what your point is in that example...

Keep the Faith
Eratosthenes
QUOTE (Draco18s @ Apr 19 2010, 11:19 AM) *
Right. SR wants beasts defending the dungeon, but at the same time, do away with the dungeon (see: everything is wireless, even your underwear). Means that at most paydata is 2 hops away from "you" and its trivial to avoid the beasts.

Example: hacking cyberware. Cyberware can't run IC, yet can be hacked, by RAW, wirelessly, from a distance, without going through the user's PAN (which can run IC...if their comlink isn't the el cheapo 1/1).


Cyberware operates in hidden mode, meaning that to connect to it wirelessly, you'd need to be in mutual signal range.

Since cyberware has a signal of 1...you can't exactly hack it from anywhere.

(You would have to first hack their commlink)
Draco18s
QUOTE (Tymeaus Jalynsfein @ Apr 19 2010, 11:35 AM) *
Just 2 Hops? Really? I do not see that myself...


Park the van across the street or down the block. Van -> nearby node -> target.

QUOTE (Eratosthenes @ Apr 19 2010, 11:44 AM) *
Cyberware operates in hidden mode, meaning that to connect to it wirelessly, you'd need to be in mutual signal range.


Or hack something that's in mutual range of it. Say...the vending machine, that dude's shirt, the water fountain....there's no penalty for doing that, you know. And there's a bonus: harder to trace!

And hidden mode doesn't have any effect on signal range.

QUOTE (Eratosthenes @ Apr 19 2010, 11:44 AM) *
Since cyberware has a signal of 1...you can't exactly hack it from anywhere.


Signal rating 1 gives 40 meters. There's a lot of places you can be that's 40 meters away and avoid getting shot/seen/stabbed. There's also a lot of stuff between me and the target where each object is less than 40 meters away from the next that has a signal of 1.
Minchandre
I'm very sad that no one's pointed out the primary implication of stronger encryption to the average 'runner: a proliferation of lead-pipe decryption methods.
nezumi
Note that I use SR3.


My assumption is that, because of the size and speed of data transferred for ASIST technology makes conventional encryption uneconomical (because of the lag it would cause). For my SR game, I wrote the following:


Encryption is a huge issue all on its own. In the real world, any encryption that can be broken in 5 minutes using COTS gear is trash. On the flip side, not allowing encrypted transmissions to be broken fairly easily makes decking far, far more difficult and time-consuming. This is something I've been considering for a while. I'm definitely open to thoughts on this. Generally what I've settled on is there are three basic types of encryption:

1) 1:Many, high-throughput encryption- this is what a matrix server uses. As it must cater to very, very many users and has to transmit a lot of information very quickly, it has all sorts of difficulties establishing who precisely you are, settling on encryption algorithms and encrypting and decrypting almost instantaneously. Because of these difficulties, a decker can break in with some know-how and the right tools.

2) File encryption - this is low-throughput and presumably has fewer users, all of whom already possess a shared secret like a password. This is more like conventional encryption on files. It takes time to break, sometimes a lot of time, but it's not unbeatable. A decker won't want to decrypt a file on the host because of how time-consuming it is, but he may download the file and decrypt it at his leisure.

3) 1:1, high-throughput encryption - this is what riggers generally use. Because a rigger has physical access to the device, she can install firmware like a one-time-pad which greatly increases encryption strength. If this is possible to break, it is extremely difficult and not especially expensive to install.

Shadowrun gets sort of weird in that it has a dozen different types of encryption, with different rules for each, but without any real understanding of why they're different. I think if we established the different methods, you could use them as appropriate and allow for crossover without a lot of fuss. A system may use encryption method #1 for its drones because it has a hundred people who each have to log in to a thousand specialized drones. Meanwhile, a matrix host may use #3 encryption because it's a restricted access host that only has a few users. Your own commlinks might use #1 or #3, but each one has its own special requirements in order to work. If you use #3, you can't interface with anyone until you've physically had time to fool with their device, and everyone is limited to the lowest-rating encryption in the group. If you're using #1, it's a lot more dynamic, but easier to crack.

Sengir
QUOTE (Draco18s @ Apr 19 2010, 04:58 PM) *
Or hack something that's in mutual range of it. Say...the vending machine, that dude's shirt, the water fountain....

Why hack it? Routing is done automatically, as long as some device (in active mode) is in range of a device that's in range of a device in range of your target you have a connection.


But as far as cyberware is concerned: All implants have DNI, so why bother to switch on the wireless function in public?
Draco18s
QUOTE (Sengir @ Apr 19 2010, 12:49 PM) *
Why hack it? Routing is done automatically, as long as some device (in active mode) is in range of a device that's in range of a device in range of your target you have a connection.


Voila. Dungeon removed.

QUOTE
But as far as cyberware is concerned: All implants have DNI, so why bother to switch on the wireless function in public?


Because by RAW it is. All the time. There is in fact a side panel about turning it off.
Bira
I think it's a bit of a stretch to go from "wireless functionality can be turned off" to "it's on all the time, for everything!". I see the side panels and other explanations as the authors going out of their way to explain that people aren't stupid (at least, not the people shadowrunners are likely to target). They're not going to leave wireless networks hanging out wily-nilly. In fact, one of the specific design goals of the new Matrix system is to make the really juicy hosts hard to access remotely, thus making the group's hacker have to go in and mix it up along with the rest of the team. Those secure servers are going to either be off the airwaves entirely, or will have their wireless networks sharply limited by radio-blocking paint and other similar measures, if they absolutely must have Wi-Fi.
Draco18s
QUOTE (Bira @ Apr 19 2010, 01:05 PM) *
I see the side panels and other explanations as the authors going out of their way to explain that people aren't stupid [...] Those secure servers are going to either be off the airwaves entirely, or will have their wireless networks sharply limited by radio-blocking paint and other similar measures, if they absolutely must have Wi-Fi.


The authors intentionally made it easier to target a secure location without being on-site, then wrote sidebars on how that's not the case?

That seems...counter-productive.

I also love how the authors seem to think that wifi--which is for ease of access from anywhere, and inherently less secure--is PERFECT for security devices. It's like taking your classic CC TV (that stands for "closed circuit television" which means its not on the 'net which means it is simply NOT HACKABLE from the outside) and putting it on wireless, and then having rules that say that any wireless device can connect to any other wireless device (provided signal range). That means that your CEO's personal computer is on the same network as the door lock on the front of the building which is on the same network as the coffee shop across the street, which is....

You get the idea. They intentionally made everything easier to access from the matrix, didn't put in any of the Domain boundaries that exist in the real world, and then had to go "waitaminute" and whip up some half-assed explanation on why it doesn't work that way (wifi-inhibiting paint in every room, which means that the security camera can't talk to the main security server...oh, well, maybe we need something else too. Uh, encryption...wait, that's trivial to break. Um...).

They took out the dungeon (the matrix map) in favor of "automatic routing" and then had to bullshit a reason why you can't just hack anything from anywhere adding the dungeon back in.
sunnyside
QUOTE (kjones @ Apr 19 2010, 09:37 AM) *
This cipher is unbreakable because while I could try guessing different keys and seeing if I get "dumpshock" back, I would only know that's the correct answer if I knew it going in - "eplxadppp" could also mean "kjonesroxx" or "iluvdandd" or anything, and there's no way of knowing. (Assuming that the key generated was perfectly random.)



While that's true, only one of those will make the rest of the text or whatever come out legible.

If you presume the existance of quantum computers they may be able to crack all sorts of stuff simply be requiring the system to collapse into something that matches a known language. I'm not sure how in the world to actually do that, but it would seem to be within the realm of theoretical possibility... At the least I've seen people writing about quantum computers being able to bust the classic prime # problem that way.

However, in the end it comes down to us knowing a lot less about this stuff than the Hackers, Deckers, or Otaku.

Imagine people in our past an equal distance to where SR is set in the future. I think that's what, 63 years now? So that'd be 1947. Stuff that was probably considered ubreakable without capture of a machine would be eaten for breakfast by modern computers. The people of that era would probably have a hard time wrapping their heads around what our desktops can do.

So, given that we can't really know what things are going to be like in encryption, we might as well select something that's fun smile.gif


Also, since I was thinking about it, one time pads might be hard to use in SR because of the realities of interferance and the hacker sending in their own signals. The security of a one time pad is based on a lot of assumptions, and when you start doing things like resending, responding to everything in the air, or resorting to pseudorandom numbers stuff starts breaking down.

Sengir
QUOTE (Draco18s @ Apr 19 2010, 05:51 PM) *
Voila. Dungeon removed.

Well, the dungeon in removed (that's why I dislike the subscription rules - I again have to design a dungeon, but only for my PAN?), but the big bad monster (aka "the badass IC") guarding the door to the treasure is still there.


QUOTE
Because by RAW it is. All the time.

By RAW most cyberware has some wireless capacity...but who the hell would want to keep that active? And even if it is active, it should still be slaved to your 'link (and if you are lucky, that 'link is slaved to the TM's bionode wink.gif )
Draco18s
QUOTE (sunnyside @ Apr 19 2010, 01:19 PM) *
While that's true, only one of those will make the rest of the text or whatever come out legible.


Actually, no. It comes out legible for every 9 letter word.

And there's a lot of those.

Also: when encrypting more data, you don't encrypt just the letters. You encrypt the spaces and punctuation too (requires 92 encrypt-able characters, IIRC*). Add in an additional number of standard (but not on the keyboard) characters and you get 114.** Bump that up to 128 and you can encrypt any stream of data, parsed into 7 bits each, though likely you'd hop up to 8 bits so each encryption character is a nice even byte in size.

*26 letters *2 + 10 numbers = 62.
+10 number-key symbols = 72
11 additional dual-symbol keys * 2 = 22
72 + 22 = 94.

So close. Off by 2.

**Basing this number off Flash's embed font option. Upper, lower, number, and symbol total to 114 characters.
Bira
I figure that the prevalence of "easy" wireless connections applies more to the day-to-day lives of people in the Sixth World than to the hypothetical ultra-secure facility we all like to use in our examples. That place is certainly not going to bother with wireless connections for anything that doesn't absolutely require it. If all the camera feeds go into a central server, which is itself behind a RF-inhibiting barrier, then of course they're connected to it by hard lines rather than wi-fi.

The cutting edge in security doesn't have to be old-fashioned, centrally controlled CCTV cameras, though. You could also have a place liberally sprinkled with tiny sensors of varied types linked into a mesh network with all the drones and guards patrolling the area, protected by a dramatically appropriate level of encryption (see my first post here). It's all behind its own RF barrier, of course, so you have to get into the sensors' range before you can hack them. There isn't a single place you can hack to take control of the whole network, either, which would be the case with the camera server.

Pervasive wireless networking opens up new applications, but the people that design security systems aren't going to use it for those applications where wired networks are obviously better. That's plain common sense, IMHO. The game does give you some chances to shoot yourself in the foot when it comes to wireless security, but it doesn't mean everyone will jump at those smile.gif.
kzt
QUOTE (Brazilian_Shinobi @ Apr 19 2010, 10:09 AM) *
Of course, Shadowrun gives the impression that P=NP and someone reliably proved this, making possible black boxes capable of actual non-deterministic computation. This would be a lot of pain for the scientists of today to create a new way of making data secure. Of course, this would be boring and SR adopted the network/dungeon approach, where there are "beasts" defending the "dungeon".

What that means, essentially, is that all the things we thought were really, really hard are really trivially simple. So that means you can have 6 month weather forecasts that are as accurate as the modern 2 day forecast. And things like matching fragmentary evidence solidly to a suspect? Child's play. Predicting where a shadowrunner will strike? Got that covered too.
kzt
QUOTE (Minchandre @ Apr 19 2010, 11:12 AM) *
I'm very sad that no one's pointed out the primary implication of stronger encryption to the average 'runner: a proliferation of lead-pipe decryption methods.

It's technically called Rubber-hose cryptanalysis.
Tymeaus Jalynsfein
QUOTE (Draco18s @ Apr 19 2010, 10:58 AM) *
Park the van across the street or down the block. Van -> nearby node -> target.



I see it a more, Van > Nearby Node > Target Public Access Node > Access to the Non-Public Node > Search around in various Nodes > until you find the Paydata Node...

Minimum of 6 Nodes, and possibly even more...
Anything else is just a simplified Matrix Hack (1,2,3)... Nothing wrong with that, but I just prefer my matrix nodes to be a little more challenging, and possibly mimic a network that is not open to just anyone... Sometimes you will only need a Public Node for what you intend, but you cannot always count on that...

And on the other topic, If yuo have implanted cyberware that has signal rating 1 enabled, you deserve to be hacked... And I was under the impression that it was Signal 0 not Signal 1 anyways... even at Signal 1 (3 Meters) you deserve to be hacked... Turn that stuff off/Disable it entirely... it is not needed.

Keep the Faith
Draco18s
QUOTE
It's technically called Rubber-hose cryptanalysis.


Also Black Bag Cryptanalysis

QUOTE
I see it a more, Van > Nearby Node > Target Public Access Node > Access to the Non-Public Node > Search around in various Nodes > until you find the Paydata Node...

Minimum of 6 Nodes, and possibly even more...
Anything else is just a simplified Matrix Hack (1,2,3)... Nothing wrong with that, but I just prefer my matrix nodes to be a little more challenging, and possibly mimic a network that is not open to just anyone... Sometimes you will only need a Public Node for what you intend, but you cannot always count on that...



Ah, but that's personal preference. There's nothing in the rules that says it has to be that way.

(Edit note: apparently in quick-edit, if there's a BBCode tag error, it turns all your ' into \' )
kzt
QUOTE (sunnyside @ Apr 19 2010, 12:19 PM) *
If you presume the existance of quantum computers they may be able to crack all sorts of stuff simply be requiring the system to collapse into something that matches a known language. I'm not sure how in the world to actually do that, but it would seem to be within the realm of theoretical possibility... At the least I've seen people writing about quantum computers being able to bust the classic prime # problem that way.

No, the output of random keys will be random text. Some of it will make sense due to chance. It's the Infinite monkey theorem. Whether "Romeo and Juliet" was what was put in by the original encoder there is going to be at least one key that will have it as the output.

The issue with OTPs is the practical generation and operational usage, not the theory. The KGB used OTP to communicate with their US agents, and due to operational mistakes, many messages were successfully attacked as part of the Venona project.
Tymeaus Jalynsfein
QUOTE (Draco18s @ Apr 19 2010, 01:27 PM) *
Also Black Bag Cryptanalysis

Ah, but that's personal preference. There's nothing in the rules that says it has to be that way.


I will grant you that it is personal preference, but it Should be that way in my opinion. Most RL systems are designed that way, and I do not see that changing in the game, it is just good practice... Shadowrun had to make some allowances to make the Hacker a viable option (Thus the Ecnryption thing every body hates), but that does not mean that the system architecture should be dumbed down right along with it...

Keep the Faith
Eratosthenes
QUOTE (Draco18s @ Apr 19 2010, 11:58 AM) *
And hidden mode doesn't have any effect on signal range.


You're right. Hidden mode does not affect signal range. But it does prevent you from accessing said node from the matrix at large.

You have to be in mutual signal range to communicate with a device. Otherwise, one of the devices can send signals, but you won't get any feedback/confirmation. So a Signal 6 commlink and a Signal 0 cyberarm must be within the cyberarm's Signal 0 range.



QUOTE (Draco18s @ Apr 19 2010, 11:58 AM) *
Signal rating 1 gives 40 meters. There's a lot of places you can be that's 40 meters away and avoid getting shot/seen/stabbed. There's also a lot of stuff between me and the target where each object is less than 40 meters away from the next that has a signal of 1.


Looking it up just now, most cyberware (and things like smartlinks) have a signal of 0, which is a range of about 1 meter.
Tymeaus Jalynsfein
QUOTE (Eratosthenes @ Apr 19 2010, 01:32 PM) *
You're right. Hidden mode does not affect signal range. But it does prevent you from accessing said node from the matrix at large.

You have to be in mutual signal range to communicate with a device. Otherwise, one of the devices can send signals, but you won't get any feedback/confirmation. So a Signal 6 commlink and a Signal 0 cyberarm must be within the cyberarm's Signal 0 range.

Looking it up just now, most cyberware (and things like smartlinks) have a signal of 0, which is a range of about 1 meter.


Not sure where you looked but my copy of the book lists Signal 0 as 3 meters... Page 222 of the SR4A book...

Keep the Faith
Demonseed Elite
It's possible there's an error somewhere about cyberware having a Signal Rating of 1. If I recall correctly, in the first printing of SR4, it said cyberware was Signal 0 in one place and Signal 1 in the other.

This was because during early playtesting, there was no Signal 0. I argued strongly for it because I didn't feel intra-PAN devices should be broadcasting for 40 meters (or whatever Signal 1 is, I forget).
Draco18s
QUOTE (Eratosthenes @ Apr 19 2010, 02:32 PM) *
You're right. Hidden mode does not affect signal range. But it does prevent you from accessing said node from the matrix at large.


Not really. You just need to make a scan test* to see that it's there, and if you can see it in meatspace you get a bonus to the check. Once you can see the node you can hack it.

*I forget what it is called
kjones
I recognize that Shadowrun is just a game, and that realism and playability are often mutually exclusive. This happens to bug me because I know a bit about cryptography - if I knew about guns, I'm sure that the gun rules would bother me.
Tymeaus Jalynsfein
QUOTE (Demonseed Elite @ Apr 19 2010, 01:45 PM) *
It's possible there's an error somewhere about cyberware having a Signal Rating of 1. If I recall correctly, in the first printing of SR4, it said cyberware was Signal 0 in one place and Signal 1 in the other.

This was because during early playtesting, there was no Signal 0. I argued strongly for it because I didn't feel intra-PAN devices should be broadcasting for 40 meters (or whatever Signal 1 is, I forget).



No Problems... Thanks for the Insight...
I agree, Intra-PAN devices should not broadcast at 40 Meters... ridiculous indeed...

Keep the Faith
Tymeaus Jalynsfein
QUOTE (kjones @ Apr 19 2010, 01:50 PM) *
I recognize that Shadowrun is just a game, and that realism and playability are often mutually exclusive. This happens to bug me because I know a bit about cryptography - if I knew about guns, I'm sure that the gun rules would bother me.



I have to agree with you kjones...

I know a fair bit about weapons, and the rules do bug me a bit... but you are right... it is a game, and sometimes reality needs to take a hit to make the game playable...

Keep the Faith
D2F
QUOTE (kjones @ Apr 19 2010, 07:50 PM) *
if I knew about guns, I'm sure that the gun rules would bother me.

Yes, they would =) As would the damage rules in general.
The point is, though, that the rules aren't meant to be a realistic representation, but an abstract one. An abstract one meant for cinematic entertainment, no less. A purely realistic SR would not be fun for a large number of current SR players.
Tymeaus Jalynsfein
QUOTE (D2F @ Apr 19 2010, 02:00 PM) *
Yes, they would =) As would the damage rules in general.
The point is, though, that the rules aren't meant to be a realistic representation, but an abstract one. An abstract one meant for cinematic entertainment, no less. A purely realistic SR would not be fun for a large number of current SR players.


Ain't that the truth...

Keep the Faith
kzt
The critical fail in a lot of the rules isn't that they are not realistic, it's that the people writing them don't know what reality is. For example, if you don't understand that the reason why people can transmit money across the internet is because of effectively unbreakable encryption and instead think that the only use for encryption is securing "secret files" you'd write something like SR4.
D2F
QUOTE (kzt @ Apr 19 2010, 08:03 PM) *
The critical fail in a lot of the rules isn't that they are not realistic, it's that the people writing them don't know what reality is. For example, if you don't understand that the reason why people can transmit money across the internet is because of effectively unbreakable encryption and instead think that the only use for encryption is securing "secret files" you'd write something like SR4.

While that is certainly true (especially when it comes to things like Cyberware and Bioware) it's not exactly the point, though. Just like good action movies, the dramatization is more important than the realism. All you need is to achieve a suspension of disbelief. Some shows/movies achieved that even despite their blatant ignorance of even the most basic scientific facts (Star Trek), other by ignoring science alltogether and simply presenting a believeable reality (star wars) and some even combine a good dose of realism with pure cinematc drama (Bourne Identity). The point of any cinematic entertainment is not realism, but personal drama and contest. The struggle of the individual through all the hazards and trials on the way.
Have a look at "hacking" in movies. Not the SR kind of hacking, but ANY hacking. I don't know of even a single Movie that depicted hackers in something even remotely realistic. Why? Because watching a guy probe a system for weeks is boring beyond belief. Same goes for weapon knockdown. You ever seen how far a real bullet would propel a hit target through the air? Compare that to cinematic action scenes.
And it's not just that, either. The target audience, primed through decades of action movies have a certain expectation to what they consider "realistic", even if some of those expectations are so far off the mark to be laughable. But they want to be their own action movie superstar, pulling off all the stunts they have seen their favorite action hero perform. Any RPG rules need to allow that, or they would be unsatisfying for a lot of potential customers. And unsatisfied customers don't buy products.
The RPG industry is an entertainment industry and as such needs to entertain. If they fail to entertain, they fail at their purpose. Realism is the realm of simulators and while the simulator industry is a giant in itself, it is not related to the RPG industry, nor their customers.

That all said, there is a small (and I need to stress "small" in this context) part of the SR community that love realism more than cinematic action. I count myself among them. We adjust rules that need adjusting. We play with character and adventure concepts that fit our view of what we consider "realistic" and we invest a lot of time in researching how to be a "shadowrunner", by looking at real special ops, real spies and real weaponry to see how they act and behave in such a situation. We also look at realistic payouts, but that's a different story alltogether.
We cannot criticize the rules for their lack of realism, though. The game is not meant to be realistic. A lot of people would not enjoy it, if it were realistic. And most people would bore themselves to death having realistic hacking rules. A game that is not fun is not entertainment. A game that defies basic logic makes supension of disbelief difficult, though, so a proper balance needs to be achieved.
Draco18s
QUOTE (kzt @ Apr 19 2010, 03:03 PM) *
it's that the people writing them don't know what reality is. For example, if you don't understand that the reason why people can transmit money across the internet is because of effectively unbreakable encryption and instead think that the only use for encryption is securing "secret files" you'd write something like SR4.


Oh yeah. You can't "print" money in ShadowRun because of the super-awesome encryption, yet the device rating of a credstick is very low. Not to mention spoofing the stick into thinking is has money. And...and...and...

Yeah. You make a system where "everything is hackable" except the things that should never be hackable (money, banks, SINs) and then provide 0 rules to allow anybody else to secure anything to that level.

And then you get people like my GM who found the Four Programs to Comlink Security:

Analyze, Black Hammer, Armor, Agent. You get an agent, give it armor, analyze, and black hammer. If it sees something (which it will, with its high dice pool) it smacks it with black hammer, forcing the hacker into a cybercomat they can't win.
Dixie Flatline
I don't have a problem sacrificing realism for game play and balance. In fact, just the opposite.

However, I *do* have a problem sacrificing common sense for gameplay "flavor". RAW, matrix rules mean that the entire economy of Shadowrun would collapse under mega-inflation within months, since essentially *everything* is hackable within a few moments. This requires no computer knowledge to realize the conclusion.

If you want to actually include nebbish "real world" complaints, the idea of a "flat" Matrix topology makes me want to scream in agony. Routing requires routing tables, pure and simple. In order to route data from point A to point B, you have to know where to send the data. Which means you need "next hop" information. In a tiered network, this is trivial. You let core routers do all the real heavy routing and everything else has a handful of "next hop" entries for major categories of traffic.

The more flat your topology gets, the more entries each router needs to have. There's a command in Cisco routers that turns your router into a supernode, which means, essentially, it downloads a major portion of the topology of the internet. Unless you have a core router capable of 100,000 routing entries, your router is going to crash horribly. And that's for a tiered structure. With the flat wireless matrix topology, a supernode probably would have hundreds of millions, if not billions, of routing tables. Since the Matrix is a wireless full mesh topography, that means each node, from the vending machine to the supercomputer running Seattle's matrix, needs to have an immensely large routing table, since any node could transmit and relay any amount of data, at any time, to anywhere on the matrix.

That has to be one motherf*cking HELL of a routing protocol to process something even approaching full VR to wherever it needs to go with minimal latency.

I know the argument... "but hardware has advanced in SR to the point where that's possible". Okay, sure, but the computation power of something like that has to be *non* trivial, and switching to a tiered system where every comlink didn't have to sort through a billion routing entries to make an efficient connection for each packet of data would open up that non-trivial computational power so that you could use it for something else.

I could design, in probably 3-5 pages, a matrix topology that relies heavily on wireless, that makes sense from a computer user's point of view. A lot of things would be different about the matrix, but you wouldn't have people asking "sh*t, why don't I just forge craploads of credsticks?"
Draco18s
QUOTE (Dixie Flatline @ Apr 19 2010, 03:56 PM) *
I could design, in probably 3-5 pages, a matrix topology that relies heavily on wireless, that makes sense from a computer user's point of view. A lot of things would be different about the matrix, but you wouldn't have people asking "sh*t, why don't I just forge craploads of credsticks?"


Do it. I might actually start liking the Matrix again.
D2F
QUOTE (Dixie Flatline @ Apr 19 2010, 08:56 PM) *
I could design, in probably 3-5 pages, a matrix topology that relies heavily on wireless, that makes sense from a computer user's point of view. A lot of things would be different about the matrix, but you wouldn't have people asking "sh*t, why don't I just forge craploads of credsticks?"

Please do it, then. And post it, so I can use it, too. biggrin.gif
nylanfs
I would LOVE to see that as well.
Minchandre
QUOTE (Dixie Flatline @ Apr 19 2010, 01:56 PM) *
I could design, in probably 3-5 pages, a matrix topology that relies heavily on wireless, that makes sense from a computer user's point of view. A lot of things would be different about the matrix, but you wouldn't have people asking "sh*t, why don't I just forge craploads of credsticks?"


I'm a computer (okay, electrical) engineer, specializing in signal processing and communications; I might be able to lend a hand if you want.
Synner667
QUOTE (Dixie Flatline @ Apr 19 2010, 09:56 PM) *
However, I *do* have a problem sacrificing common sense for gameplay "flavour".

That's it, exactly.

It's not about computer networks being realistic, as in they would work in the realworld...
...It's the handwavium nature of "nah, it doesn't have to be sensible, vaguely consistent or blatantly non-stupid. just do it"
D2F
QUOTE (Synner667 @ Apr 19 2010, 09:27 PM) *
It's not about computer networks being realistic, as in they would work in the realworld...
...It's the handwavium nature of "nah, it doesn't have to be sensible, vaguely consistent or blatantly non-stupid. just do it"


QUOTE (Dixie Flatline @ Apr 19 2010, 08:56 PM) *
I don't have a problem sacrificing realism for game play and balance. In fact, just the opposite.

However, I *do* have a problem sacrificing common sense for gameplay "flavor".


Yet, none of you have a problem with healing in SR?
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Dumpshock Forums © 2001-2012