Eyeless Blond
Apr 8 2004, 05:31 AM
So far I've seen at least four different rules for ways to encrypt and decrypt things, starting with the rather useless one on sr3 p.292-293 to the much harder to crach--and, paradoxically, lighter and cheaper--units used in R3. Which ones can you use for which situations, and what's the best, in general, to use for keping runners in contact with each other?
Frag-o Delux
Apr 8 2004, 05:41 AM
The ones in SR3 are for normal comm gear, the ones in R3 are for networks. They are not compatible. Well I am pretty sure they are not, we just had a discussion about them in the rigger thread.
i love how the entire concept of networking apparently got lost in the crash. i should have one of my characters start a major corporate war by inventing the goddamn token ring.
SR's encryption rules are completely spastic. the only possible way to partially explain it is that someone found a mathematical shortcut that allows you to solve incredibly complex equations involving prime numbers a couple million times more quickly than today's math can (this is theoretically possible; there's a pair of twins in the UK--i think it's the UK--that spend their spare time trading insanely large prime numbers; obviously, some sort of shortcut to generating such large primes exists). even then, it should be a relatively simple matter to just generate higher levels of encryption, and make such a shortcut obsolete.
furthermore, there's absolutely no reason why something that decrypts rigger network encryption should be unable to decrypt regular radio traffic--it's all the same goddamn thing. rigger networks simply transmit a lot more data.
with that rant out of the way, your best bet is probably figuring out a way to run it through the rigger's RCD.
Moon-Hawk
Apr 8 2004, 03:11 PM
QUOTE (mfb) |
SR's encryption rules are completely spastic. the only possible way to partially explain it is that someone found a mathematical shortcut that allows you to solve incredibly complex equations involving prime numbers a couple million times more quickly than today's math can |
What's that rule? Our computing speed approximately doubles every year, and has for several years? Actually, I heard recently that our rate was increasing, up to more like every nine months, but for now let's assume we keep the current trend and double every year, like we have been doing for the last few decades. So 60 years, that's 2^60, or about a million, million, million times faster. (quintillion, for those keeping track) So, even if computing is a trillion times slower than projections indicate, they still do what you suggest.
Remember, even the first-gen cyberdecks were beyond supercomputers by our standards, the 6th-gen ones make those look like pong.
CardboardArmor
Apr 8 2004, 03:21 PM
QUOTE (mfb) |
furthermore, there's absolutely no reason why something that decrypts rigger network encryption should be unable to decrypt regular radio traffic--it's all the same goddamn thing. rigger networks simply transmit a lot more data. |
I'd argue with this. It's the same reason why your wiz-bang CD drive won't play DVD's. Encryption and compression methods, data formats, all sorts of transmission factors come into play. Granted, the carrier signal might be the same (and hence subject to jamming), but decryption would be a no-joy.
Lilt
Apr 8 2004, 03:35 PM
Actually encryption isn't all that hard to break, you just need to use something as powerful as the human brain. I once heard that if you convert data encrypted with RSA encryption into sound (I don't think it was a direct wav translation) then a trained expert can figure-out the prime numbers involved in some ridiculously small period of time (15 minutes or something) just working by ear.
Of-course this is hearsay and I've never done it myself.
John Campbell
Apr 8 2004, 06:51 PM
QUOTE (Moon-Hawk) |
What's that rule? Our computing speed approximately doubles every year, and has for several years? Actually, I heard recently that our rate was increasing, up to more like every nine months, but for now let's assume we keep the current trend and double every year, like we have been doing for the last few decades. So 60 years, that's 2^60, or about a million, million, million times faster. (quintillion, for those keeping track) So, even if computing is a trillion times slower than projections indicate, they still do what you suggest. |
Except that any advance in computing power can also be applied to the encrypting. And encryption is easier than decryption. Massively easier. Linear increases in keysizes result in geometric increases in cracking difficulty. Switching from a 64-bit key to a 65-bit key will double the power required to crack the encryption in a given amount of time, with a trivial increase in power required for the encryption. Switching from a 64-bit key to a 128-bit key will make the encryption 2^64 times harder to crack. That'll swallow up all your hypothesized increase in computing power, and then some. And the best part... you won't even notice the difference in encryption times, even with a modern CPU.
distributed.net cracked RC5-64, using a distributed effort from hundreds of thousands of computers all over the globe. It took us five years. (And that only decrypted that data; it didn't break the algorithm. If we want to crack another instance of RC5-64-encrypted data, we have to do it all again.) If we assume that Moore's Law holds out for the next 60 years (it can't... Heisenburg will kick our butts long before then), a similar 2064 effort to break RC5-128 would take eighty years. And RC5-128 encryption can be performed on the fly almost invisibly by modern machines. Imagine the kind of encryption that machines 2^60 times faster can use...
You have to assume a qualitative improvement in decryption methods. Simply assuming a quantitative improvement in the amount of processing power you can throw at the problem puts you on the losing end of the battle.
Moon-Hawk
Apr 8 2004, 06:58 PM
I know, I'm on distributed.net.
My point was that increasing processing power is obviously not the solution since SR processing power is extremely increased and yet...y'know what? Nevermind. I've read my post, and my point was extremely poorly made. From the looks of it, I forgot my point halfway through writing it. I fold.
bahwi
Apr 8 2004, 07:01 PM
Remember, a lot of the comm gear as well as other gear has the encryption routines and the DRM built into the device. Buying something with decryption IMO is a hacked-up version of a radio or whatever, and then it only sometimes will work if it can break the key. A lot of this stuff is built in, not just software based as it is now in our time. (And yes, DRM is coming, and hard-wired encryption is too, and when it is here and too complex for people to make in their spare time ---> SEE DishTV and DirectTV, you have to copy a H card or other type of card to pirate it, or get it legally. No one has yet re-created this software wise, even though it is broadcast all over the US and SkyTV(I think) is broadcast all over england and beyond!). So that is an idea of what is to come. Yes, the encryption and decryption rules are simplified for game play, but I think that applying todays concepts of software encryption would be incorrect as well. Use the coming soon to your motherboard, in your IPOD, Otis, and other MP3 players, etc.. DRM and the DishTV/DirectTV hardware-based card encryption that no one has cracked via software yet(AFAIK) to plot out more advanced rules if you think they are necessary.
If you do, post a link and PM it to me cuz I wouldn't mind them. It just isn't as big a concept in my game (yet) as it is for most others.
Eyeless Blond
Apr 8 2004, 07:42 PM
The real problem is that a well-designed encryption algorithm isn't balanced in-game, so you have to figure out something that *is* balanced and work with that, much like the rules for all of decking. As you guys have said, currently on the market are many free or very cheap encryption methods that are impossible to break by anything short of either exponentially more computing power or a complicated man-in-the-middle attack, which pretty much means that the spy has no chance of decrypting something that an encrypter really sets his mind to hiding. In addition, there is a certain type of encryption called a one-time pad that is provably unbreakable, with the complication that the secret key must be at least the same size as the data being transmitted.
On the flip side, I expect that
quantum computing will become viable in personal systems by then (thus the reason programs and processors alike are encoded on optical chips), and that pretty much changes all the known rules of what is calulable in polynomial time. There are already mathematicians working on writing programs for this kind of computer, and the results are frankly amazing. I've heard one grad student wrote a program that can factor a number in polynomial time, which would basically make all current reasonable forms of encryption obsolete.
Moon-Hawk
Apr 8 2004, 07:48 PM
QUOTE (Eyeless Blond) |
In addition, there is a certain type of encryption called a one-time pad that is provably unbreakable, with the complication that the secret key must be at least the same size as the data being transmitted. |
So you can feely distribute the encrypted file with no worries, you only have to keep track of the key.
But...If the key is just as big as the original file, why not just keep track of the original?
p.s. This is a joke. I DO see the potential for increased security (needing both files), if anyone tries to explain it to me I've got a carp here with your name on it.
cardboard, i'd possibly allow that a regular radio network can't handle/decrypt a rigger network. however, a rigger network ought to be able to handle/decrypt a radio network, much the same way that a DVD player can play CDs.
John Campbell
Apr 8 2004, 11:08 PM
We've discussed one-time pads here before on a couple of occasions, and generally seem to end up with opinions split between those that believe that introducing theoretically unbreakable encryption into Shadowrun would break the game, and those (including myself) that believe that the limitations within which OTPs have to be used to actually be unbreakable are sufficient to keep them from breaking the game, and, if used realistically, can actually add to the game by requiring more interesting methods of attack on certain bits of data than just having the decker spend ten minutes with a Decrypt program.
on quantum computing: i honestly don't see that happening, in SR. if it did, every VR system would be ultraviolet-rated, and the most powerful systems around would be about the size of your hand. implanted computers--smartlinks, tactical comps, etc.--would cost about 0.01 essence. quantum computing is disturbingly powerful.
gknoy
Apr 8 2004, 11:38 PM
QUOTE (mfb) |
on quantum computing: i honestly don't see that happening, in SR. if it did, every VR system would be ultraviolet-rated, and the most powerful systems around would be about the size of your hand. |
BTW, most of the powerful systems ARE small. Cyberdecks are like the size of a bible or small dictionary, IIRC.
How hard is it to simulate quantum computing? ie, without a real quantum computer? This is all pretty unlikely (as I imagine that emulating QC is pretty Hard as computing tasks go), but perhaps the SR tools use emulated quantum computing, and therefore the different ratings of encryption/decryption simply reflect a more robust and optimized emulation?
probalby not. Honestly, I think I agree totally that the encryption rules are completely knackered, and made a total sacrifice of real-worl-believability for game-world-balanceability.
That said, snooping encrypted communications or data STREAMS could be more possible -- poorly implemented encrypters could have a lot of redundant data, etc, or known plaintext portions, which would make cracking the data significantly easier in a data-analysis sense. Or they might have a [known?] weakness in their random key generators, or things like that. Maybe then the different rating decrypt software isn't reallt about true encryption-cracking, but about data-analysis to find keys and thereby uncover the data. Kindof like how l0pht-crack can pwn windows passwords, lol.
That said, it should be extremely fast and easy to encrypt something of nearly arbitrary strength, given the computing and media-processing power of the matrix (think of the massive parallell processing and transfer abilities needed for a sculpted host, for example), and still take a Long Time to crack.
I'd be interested in seeing how well decking would work if we fiddled the encryption-related rules to be more realistic. =) I like John Campbell's point -- it might make it harder to do thins the Current Way, but it could potentially open all sorts of other doors in terms of story options. On-site access would be more important, and legwork to find existing legit users of the system (to snoop their communications or swipe their hardware) would probably become more prominent.
Of course, this makes Otaku all the more powerful, I imagine, in that some of them are probably certainly encryption savants
QUOTE |
implanted computers--smartlinks, tactical comps, etc.--would cost about 0.01 essence. quantum computing is disturbingly powerful. |
Ah, but essense cost is not solely about Size, but about the degree of invasiveness for its' connections to the body. I bet that cranial cyberdecks are not simply a reduced size deck crammed into your skull, but uses portions of your wetware to aid in processing/connectivity.
theoretically, it's possible to simulate any computing system with any other computing system. you could emulate a Cray with an abacus--which is about the comparison between modern computing and quantum computing. something that a quantum computer could calculate in seconds, a bank of our most powerful supercomputers would spend years on, if not decades or even millennia.
there ought to be a specialization of Computers and Electronics called Cryptography. acts as a complementary skill to crypto stuff.
gknoy
Apr 9 2004, 06:46 AM
QUOTE (mfb) |
you could emulate a Cray with an abacus--which is about the comparison between modern computing and quantum computing.
there ought to be a specialization of Computers and Electronics called Cryptography. acts as a complementary skill to crypto stuff. |
Yeah, I figured the emulation was pretty infeasible.
re: encryption:
I considered it less Computers, and more a Knowledge skill. Why? Because cryptanalysis is much more about heavy theoretical mathematics than it is about computing. That's why the NSA is (I hear) the largest employer of mathematics majors.
nezumi
Apr 9 2004, 01:49 PM
Here's a thought (based off of the one mentioned earlier)...
Unlike now, no one offers their "free" encryption protocols. You have to pay to get a black box of DES or what not, everything is carefully kept black box and carefully guarded. The corps realize how valuable data is and all that. So the rating 4+ encryption algorithms, despite being pretty basic (and perhaps a level 8 is just two level 4's tied together), is sold at an unnaturally high price. Level 3 and below are those made by random people who aren't quite as sure what they're doing, and do have more vulnerabilities/are more simplistic. The decryption algorithms then is your data search. It identifies the algorithm (this is usually stated in the handshake to begin with, so its not secret), then searches for known vulnerabilities.
Wireknight
Apr 9 2004, 06:30 PM
The only real problem with this is the fact that there are two(three, if we subdivide the first) sources of encryption technology. The first is private individuals(freelancers/open-sourcers and corporations being a good subdivision to make), the second is where the aforementioned likely came from, i.e. the halls of academia.
Encryption algorithms developed as part of theoretical mathematics research would be published in journals. Individuals who wrote encryption would likely be willing to release their cryptographic protocols publically and for free(see PGP). No one releasing anything they develop, in the future, is like saying people won't ever program or develop theories, except under the direct supervision and oversight of a corporation.
If there are no independent algorithmic thinkers and actors in the future, it makes Shadowrun a pretty boring place to be a technophile.
hobgoblin
Apr 9 2004, 06:47 PM
unless your on a corps payrole. the problem with any type of encryption is that its a gamebreaker for the pure techie most often, it basicly makes all your hard work useless unless you can get hold of the key. and getting the key is a effort in physical detective work more often then computer work, therefor breaking with one of the pillars of classical cyberpunk (i know neuromancer was written by someone that didnt know what a computer was or how it worked). if you want a more realistic look at computer security then take a look at blue planet.
gknoy
Apr 9 2004, 07:36 PM
Except, the world of encryption is the opposite of the resty of the world, when it comes to wanting secrecy. Secret algorithms are almost always weaker. The only way algorithms can be proven to be secure is by peer review, and cryptanalysis by many others. (Many people WANT secret algprithms, and there are a lot out there, but there's no proof that they are any good.)
I could make up my own algorithm right now, and call it CrytoTwiddle, and market it as usable for the latest secure communications protocol; but I am not omniscient enough (indeed, NO ONE is) to know that it is secure on all fronts: key management, transfer, generation, is there any repeated plaintext or anything that makes an
implementation of an algorithm weaker? These are the sorts of questions that cryptanalysts look at, in addition to the math behind the base algorithm.
Even a corporate-sponsored research lab, I believe, would have a hard time coming up with an encryption method that was secure enough. "Security through obscurity" simply means that no one knows how it's done -- and thus can't duplicate / break it; however, this is totally insecure: there is no such thing as real security through obscurity. Once any person knows how it works, and publishes (such as to Shadowlands), you're screwed.
I imagine that the largest communities of encryption experts are actually active on Shadowlands, or perhaps in a think-tank sponsored by many corporations (and employing MANY researchers - like a conglomerate multi-lab
). It's the only way to get the sort of peer review needed to ensure that somethign is _secure_, as opposed to "not broken YET".
Heh yea that is sort of funny, the idea that encryption would be game breaking because decking would be impossible. Isn't it nice to know that computer hacking in the real world is impossible because of encryption?
It would just be a bit different, and there would probably be more RP and on site stealing needed for a decker to get anything done. Maybe the rest of the team's job would just be to hook the deckers dongle onto a computer inside the corp hq and get a pass phrase from some employee. The matrix combat stuff already has absolutely no attatchment to any conceivable reality, so nothing about it needs to change unless you want to make the system realistic (meaning pretty much requiring an obsessive personality due to the slow tedium of it and making most of it a technical procedure rather than a combat one).
A few, imho really irritating, elements would be gone from the game. Encrypted radio com would be easy and unbreakable. No more drone control contests. You could still do electronic warfare to disrupt communication, but you would not be able to take over another persons drone with a simple die roll.
hobgoblin
Apr 10 2004, 02:16 AM
heh, takeing over a drone with a simple die roll. thats the player talking, not the char. the char would be fakeing signal packages so that the drone thinks its talking to the boss when told to to redo the handshake routine and hook up to a new datastream.
i find the idea of unbreakable encryption more irritating then the ability to listen in on radio traffic or takeing over control of a drone. if someone can take over control of a drone then so can the original owner. if the runners can get into the radio traffic of the secuirty then so can the security do to the runners. anything in sr is a doubleedge sword. sure unbreakable encryption makes the game easyer for the gm but it allso makes it less fun for the players as it removes ways for them to avoid being railroaded by the gm.
mfb
Apr 10 2004, 03:28 AM
well, yes, unbreakable encryption does limit the players' options--but if it hadn't been offered as an option in the first place, no one would complain. nobody complains about gravity, either.
hobgoblin
Apr 11 2004, 12:45 AM
LOL
thats one way to look at it
Eyeless Blond
Apr 11 2004, 01:12 AM
My problem with encryption is that it's essentially useless, especially broadcast encryption. If I'm paying that ridiculous fee for something that IRL I can get for free off the 'net, I'd perfer it to at least be somewhat useful. As it stands broadcast encryption is little better than optical toilet paper; you're better off slotting Linguisofts and speaking in a foreign language. In fact, that's a hell of a lot cheaper, and far more likely to work, than the "Encryption" they have for sale.
Which brings me to my point: the ease of use and availability of Decryption algorithms makes the kind of "encryption" sold worse than obfuscation, which is no encryption at all.
hobgoblin
Apr 11 2004, 02:36 AM
now your forgetting that both encryption and decryption equipment in sr is classified as security or law enforcement grade equipment. and the original sr rules where written when the US had a export ban on encryptions above 64-bit and asymetric (or public key if you will) encryption was only theorys. and SR is a world in a constant state of cold war among the AAA corps, where encryption is as mutch about keeping stuff secret as it is about good math. no way they will ship a encryption product without it haveing a back door that they can use if the enemy for some reason uses theyre stuff.
allso, the very act of haveing in your posession a cyberdeck will land you a fine of 8000 or 2 years in prison, and as you need a deck to use a decypt utility i do belive that posession or dealing in these sort of software without a permit and selling to a user with a permit can have similar levels of punishment. basicly they have taken what the DMCA only hints at to the extreme. have a tool like DECCS (or was it DECSS?) on your disk and your in prison or get slapped with a heavy fine, any hardware and software will be confiscated on top of that.
basicly a cyberpunk world is a world where the laws are written to protect the big fish, most likely the big fish is the ones writeing the laws (corporate court anyone?). so you can in theory slap any silly old scrambleing trick on top of a file or transmission, call it a encryption or content control system and get protection by the law.
its everything from clipper chips to god knows what else, makeing the public feel safe in theyre corporate enclaves while the rabble fight it out in the paramilitary areas of town.
do you think a corporate R&D labs connection to the matrix is listed in the yellow pages? the decker have to break out his toolbox just to locate a host damn it. its kinda like the old trick of hideing a modem hooked up to the switching station's computer behind a unlisted number.
the encryption isnt there to keep the crackers out, thats what the attack, blaster and black ice is for. the encryption is to keep joe user from findeing out about something that the corp dont want him to know about, like the combat drug testing in the barrens or the toxic stuff dumped into the harbor every night to cut down on waste disposal expences.
mfb
Apr 11 2004, 02:47 AM
you don't need a cyberdeck to decrypt something. you can get decryption modules built right into your commo gear.
mfb
Apr 11 2004, 02:47 AM
you don't need a cyberdeck to decrypt something. you can get decryption modules built right into your commo gear.
edit: i am repetitive i am!
Eyeless Blond
Apr 11 2004, 03:06 AM
QUOTE (hobgoblin) |
basicly a cyberpunk world is a world where the laws are written to protect the big fish, most likely the big fish is the ones writeing the laws (corporate court anyone?). so you can in theory slap any silly old scrambleing trick on top of a file or transmission, call it a encryption or content control system and get protection by the law.
its everything from clipper chips to god knows what else, makeing the public feel safe in theyre corporate enclaves while the rabble fight it out in the paramilitary areas of town.
do you think a corporate R&D labs connection to the matrix is listed in the yellow pages? the decker have to break out his toolbox just to locate a host damn it. its kinda like the old trick of hideing a modem hooked up to the switching station's computer behind a unlisted number.
the encryption isnt there to keep the crackers out, thats what the attack, blaster and black ice is for. the encryption is to keep joe user from findeing out about something that the corp dont want him to know about, like the combat drug testing in the barrens or the toxic stuff dumped into the harbor every night to cut down on waste disposal expences. |
This is all very true. It is also not encryption, according the the definition of encryption; none of it is. This is what Scramble IC and drek like that are, all of which I agree should be about as noticable to a true decker as a fart in the air conditioning
And, unsurprisingly, it is; it's both cheaper and more effective to simply translate stuff into Klingon or something than use any form of "encryption" listed in the book, with the possible exception of rigger network encryption.
But there will still exist *real* encryption as well, stuff that is built to be secure, unbreakable, with open-source software that actually *encrypts* stuff. The fact is that encryption theory and implementation must be open to the public in order for it to be useful, and I expect at least one AAA megacorp will realize that. Even if this proved untrue, open-source software, such as stuff puclished under SourceForge or GNU, isn't going anywhere soon, and in a dystopia world like Shadowrun I imagine such a concept will be all over the underworld, especially in forums like Shadowland. And that *real* encryption should be available to runners as well, even if "the man" makes it Legality code ZZZ and you are made to disappear along with your friends, family, and everyone else in a six-block radius if you're ever caught using it.
Crusher Bob
Apr 11 2004, 03:45 AM
A world in which encryption is weak but the 99.9% of transactions are electronic
.
Carp why go running, when we can decrypt all the credit card numbers comming into Amazon.com...
hobgoblin
Apr 11 2004, 02:19 PM
well it seems that the banking traffic is not useing the out in the open encryption stuff but rather some inhouse stuff, just look at how you have to basicly take a credstick totaly apart to even have a remote chance at forgeing it.
allso, lets look at the timeframes, a rating 6 encryption have a base time of 6x5 mins. thats what, 35 mis in base time? and im guessing that most realy secure stuff would be useing atleast doubledigit encryption, and then your looking at 50, 100 or higher timeframes. allso you will need to get a number of successes equal to or above half the encryption rating. the question is, can you build that up over time or have it be a all or nothing effect? i vote for the last one.
and this will have to be done while the transmission is going on, whats the chance that the next time they transmitt they have changed keys? keep it to short bursts, changeing keys (and maybe frequencys to) and a high encryption level and the enemy dont stand a chance.
data encryption outside of the matrix is equaly nasty, haveing a timeframe of rating x 10 mins.
as for the scramble ice, you better have a high computer skill or one screwed up decryption test will see whatever you wanted to access blow up in your face. there may be a theoretical chance that you get at the data but i dont realy like the odds unless we are talking 10+ skill. and even then the scramble ice only need one success to blow up and then its bye bye target.
oh and whats stopping the banks from issuing credstick terminals with buildtin dataline scanners? those are even able to react to deckers taping the call.
basicly its like any kind of security, you do not design your security setup around only one system but around 2,3, 10 or what ever number of systems you can afford, mostly redundant, selfsupplyed, and so on. scramble ice, tar ice tuned to take out decrypt utilitys, attack or higher to take out the decker and so on. physical security includes drones and security guards, spirits and wards, electric and monowire fences. the point is to try and avoid the chance of haveing a single point of failure.
Kagetenshi
Apr 12 2004, 01:11 AM
QUOTE (Rev) |
Encrypted radio com would be easy and unbreakable. No more drone control contests. You could still do electronic warfare to disrupt communication, but you would not be able to take over another persons drone with a simple die roll. |
It already is that way. Have you checked out the encryption rules for anything other than Matrix encryption lately? L3 Encryption is enough to regularly stymie every decrypter available, and L5 is secure against everything but EW-skills of 20+ -and- karma pools of 10+
~J
Kagetenshi
Apr 12 2004, 01:13 AM
QUOTE (Eyeless Blond) |
My problem with encryption is that it's essentially useless, especially broadcast encryption. If I'm paying that ridiculous fee for something that IRL I can get for free off the 'net, I'd perfer it to at least be somewhat useful. As it stands broadcast encryption is little better than optical toilet paper; you're better off slotting Linguisofts and speaking in a foreign language. In fact, that's a hell of a lot cheaper, and far more likely to work, than the "Encryption" they have for sale. |
Are we reading the same SR3? Broadcast encryption is ironclad.
~J
TinkerGnome
Apr 12 2004, 02:14 AM
Wow, I completely misread broadcast decryption [edit]twice, no less[/edit].
Here's the summary for those of you, like me, which didn't get it the first time around.
- Decryption has a base time of 5 minutes x rating of the encryption
- The TN to decrypt is encryption rating + 4
- The decrypter rolls dice equal to the decryption rating for successes
- The decrypter rolls Electronics (Electronics Warfare) for complementary successes
- The decrypter needs a number of successes [edit] greater than [/edit] encryption rating /2 (round up) to break the encryption
So, let's use the example of DecrypterX and the corporate security transmissions.
DecrypterX has gotten his Decker buddy to get him the security team's frequency. He sets up shop in an old warehouse in range of the security team's operations area and starts listening in. He finds the frequency immediately and sets his decrypter to work. Because he's a pro, his device is pretty good (Rating 6) and his skills are tight (Electronics/Electronics Warfare 4/6). Recent budget cuts have forced the security team to make do with old equipment, which still has a rating of 3. It takes DecrypterX a base time of 15 minutes to decrypt the signal. He rolls 6 dice against a TN of (4+3=7) and gets one eight and the rest 5 or less. His electronics warfare skill turns up nothing. He curses because, after 15 minutes of effort, the signal decrypter proves unable to break the code since he didn't get the required (3/2 round up + 1 = 2) successes to break the code.
Frustrated, he calls in some markers and borrows a friend's bleeding edge decrypter, a rating 10. He tries to crack the security transmissions again and gets three successes, enough to let him listen in on the channel.Neglecting complementary dice, a rating 10 decryption program stands a less than 1% change of breaking through rating 6 encryption. It breaks through rating 3 about 23% of the time and rating 2 about half the time. Sounds pretty solid to me.
BitBasher
Apr 12 2004, 02:28 AM
And a really good rating 10 encryption, which is cheaper than the rating 10 decryption has a TN to crack of "your mother".
You need 6 14's with a base time of 50 minutes. You need a whole hell of a lot of time for that to happen. And cheating is always good too.
TinkerGnome
Apr 12 2004, 02:35 AM
Heh, I just got a lot more secure in the fact that my rigger's running a rating 2 encryption system on his network. Ran out of cash or it would have been higher... don't think there's a lot of chance of reasonable opposition breaking into the system
Also, keep in mind that a rating 1 encryption gives you the benefit signal camoflauge. Unless you know the frequency you're looking for ahead of time, you'll realisticly never find it.
mfb
Apr 12 2004, 02:42 AM
encryption should, realistically, also negate or partially negate the effects of jamming. modern encryption includes frequency-hopping--basically, changing the channel 100 times a second or so, so that nobody can record your encrypted transmissions and decode them later (incidentally, it works this way in SR, too--you have to decode transmissions in real-time or not at all). another effect of this is that no one can jam just one frequency--or even twenty of 'em--and kill your transmission. jamming your entire signal range will still work, of course, but that kills their commo as well, and also makes a delicious-looking target for any anti-radar missiles.
hobgoblin
Apr 12 2004, 07:52 PM
it seems that breaking data encryption is easyer to do then breaking broadcast encryption. but i guess the reason for that is that while broadcast decryption relays on the rating of the decryption gear the data decryption uses the users skill against the encryption rating reduced by the decryption equipment. the biggest problem it seems is that while broadcast have a treshold of half encryption rating, data have nothing like that. one success and your in. but i wonder, does canned data encryption have the scramble ice ability to destroy data if the attacker fails?
gknoy
Apr 13 2004, 01:28 AM
QUOTE (hobgoblin) |
unbreakable encryption makes the game easyer for the gm but it allso makes it less fun for the players as it removes ways for them to avoid being railroaded by the gm. |
I disagree.
If encryption were nigh-unbreakable (via bruteforce - an important distinction), then things would still be fairly balanced.
On one hand it makes some things HARDER for both the GM and the players. GMs need to provide avenuesfor players to get oast things that are encrypted. Players need to findways to do it. For example, rather than BAM breaking some communications, you snoop the traffic for a while, look for patterns, etc -- this could be a tine-based test where skill/utility grooviness would reduce the time needed to crack something. Cracking open an encrypted file archive, on the other hand, would be reaaaally hard...
The keys might be on the system - maybe the decker can find it. This is the weaker solution (and one often used today -- your PGP keys are stored locally, in an archive encrypted with a user password). If your decker finds a keystore (perhaps in the user home for the last person using it, or some commonly used place (you'd besurprised how few people change the default installation locations
)), they should be able to try cracking that -- and since it's probably a user password, you could run like a dictionary-or-other crack on it; l0pht-crack is VERY good at this, for example.
Most users are idiots, and won't use a strong phrase/icon/whatever. (Matrix passwords might be more tricky - who knows, maybe it's an icon you present or something ...) This could be the in-game interpretation of what cracking encryption on a file means in the current sense (roll , apply decrypt utility, etc).
The keys might be on a token or laptop of some employee or whoever needs access to it -- well, snoop those access logs, and see who has access / last used it! Now you know who to talk to or jack-some-goods from. (This is a common thing in the security industry for those who needsomethin secured -- smart cards or PCMCIA tokens are often used.) This would be for "more secure" things. This would open the doors for all sorts of other ways of getting an encryption key for Important Data than simply having your decker sit at a terminal for a few hours.
It might have been a one time pad, in which see the above case -- you need to find one copy of the pad that is used. This may require B&E, or kidnapping, or whatnot. *grins*
The key might be biometric - someone's retinal pattern or DNA as a basis for their user passwd, or something ... equivalent of having a token, but harder to change out if someone breaks/steals it.
I see this as allowing players and GMs to have a more "deep" world, with more "believable" consequences of actions, and more interesting ways of solving some solutions. For some things, the GM might say that a simple Decrypt test is all that's needed -- but for more Game-Important things (or that 300MP of research paydata that the decker stole while doing legwork ...
), the GM might impose more restrictions on how it has to be done. or incure a higher processing cost -- eg, encryption rating is so high that you'd need a mainframe cracking for a month or a year to hope to break it by brute force (which is still pretty unrealistic).
my 3
Eyeless Blond
Apr 13 2004, 03:11 AM
QUOTE (TinkerGnome) |
Here's the summary for those of you, like me, which didn't get it the first time around.- The decrypter needs a number of successes [edit] greater than [/edit] encryption rating /2 (round up) to break the encryption
So, let's use the example of DecrypterX and the corporate security transmissions. |
Ah-ha! I did not see this part. That makes things much more difficult, even at lower encryption ratings. See, I thought all you needed was one success to beat a Rating 10 broadcast encryption, which would happen roughly 25% of the time with a Rating 10 decrypt program, even without all the complimentary and other dice you add in. This makes it much much harder to crack. Objection withdrawn.
TinkerGnome
Apr 13 2004, 03:12 AM
Yeah, you'd need 6 successes on a TN 14 test. If you can do that more than once in your career, I'll be impressed
Kagetenshi
Apr 13 2004, 03:24 AM
Yeah. My most impressive roll so far in my history of Shadowrunning is five sixes on five dice. That's still nowhere close to what is required for encryption-breaking.
~J
Link
Apr 13 2004, 04:19 AM
But it is a Yahtzee!
Regarding encryption, as mentioned in the first post the biggest pain is the variety of rules concerning encryption. I liked it in when opposed device rating tests were used across the board, one rule to roll them all.. or is that one roll to rule them all.
TinkerGnome
Apr 13 2004, 12:25 PM
Fortunately, encrytion comes up rarely enough that you can look it up every time you need to make the test. If you get into a lot of rigger-rigger combat or a lot of broadcast eavesdropping, then I'm sure your group will memorize the rules they use quite quickly
I do want to thank this thread for motivating me on actually reading the rules on broadcast encryption for comprehension. My sammies just got a little bit cooler.
BitBasher
Apr 13 2004, 04:29 PM
If you want INSANE to crack, the Phillips Tacticom units from.. I think Fields of Fire are encryption 14.
8 18's anyone?
hobgoblin
Apr 13 2004, 10:04 PM
QUOTE (Link) |
But it is a Yahtzee! |
if you have a problem with that then stop playing the game called SR. yes its a game, not a simulation of real life
hmm, it seems that breaking data encryptions are easyer to do then breaking broadcast encryption right now as from where im reading data encryption dont have a required number of successes. in fact it looks like data decryption works more on the idea that any software have bugs, and if you know about these bugs you can get the software to behave outside of its planed ability. the decrypt utility is more like a "intelligent" exploit (it can not only use known ones but can probe for unknown ones somehow) then a bruteforce password/key tester (alltho it may do this to, dictionary tests and so on).
in fact it seems the entire decker attack scenario works on this idea. the toolbox pokes for flaws in the target code and the decker then supplyes the specific commands to get the ball rolling. we must allso not forget that while broadcast encryption have a max rating of 10 (look at hte table there is no 10+ entry) and broadcast decryption have a max rating of 8, the data encryption and decryption ratings both have 10+ entrys. therefor they can go as high as you want them to. and as you go higher the numbers gets slightly insane, and if your working on a host you have the added problem that any decryption test is a system test, therefor risking that your security tally goes up. so you better get it right the first time or else.