Logically all or nothing would be fine. And the obvious way to have the hacker work at it until he breaks it is to have him works at STEALING the key rather then trying to decrypt it by brute force.

If you rapidly break encryption you are typically defeating the weak passwords or a poorly implemented cryptosystem that leaks data. Or some idiot who thinks he understands cryptography and write some POS that is not secure. Like Micro$oft Pa$$word "encryption".

The trick is for the GM to only use secure crypto where it logically makes sense. And there are really fewer than most people seem to think. And you can still have fun and have unbreakable crypto if this is handled correctly.

Lots of people like the idea that they can encrypt their files so no unauthorized user can get to them, but how many are willing to actually enter the numerous encryption and decryption passwords a zillion times a day? Where will they keep their passwords so they won't forget them? Will they be good passwords or easy to remember passwords? Easy to remember passwords are the ones that you typically can break in a trivial amount of time. So either people won’t do it or it’s trivial to break.

If you use some sort of automatic system that relieves an individual of the need to be entering the key themselves, how does a computer system know that a hacker who breaks into a system as a user isn’t that user? In this case the file can be encrypted in a totally unbreakable cipher in main storage, but when you ask for a copy it’s provided in a useable (hence unencrypted) form. I really don’t see how anyone would protect against this, other then possibly by the system requiring some additional verification before they decrypt the file for you. And if you have compromised the system enough that won’t help.

So file encryption is going to typically only be a problem is you steal an off-site backup or a physical system and didn’t get the keys. And in a properly done system getting the keys for these is very hard, so it makes these thefts fairly pointless.

The typical area where attackers would encounter major issues with crypto would be in transmissions. For example, a corporate wireless network would be essentially invulnerable to being intercepted or entered without inside knowledge. Traffic between cooperate sites, drone networks, secure chat rooms, and financial transactions would be other examples where it would is reasonable to expect that the traffic can’t be decoded unless someone is a fool or you have inside information. (If someone wants you to tap the link between two Aries research sites you're probably going to have to break in and install a tap on the cable. That's why they pay you the big bucks.)

I’m not sure where the typical person to person message would fall. In the real world the encryption mechanisms provided with cell phones have not been very strong, and people who wanted really secure cellular phone calls needed to use additional hardware or software to provide the actual security. Even as people migrate to systems that do properly encrypt the call between the base station and the handset the carrier has the keys. And once the call is received how it is protected in transit to the other base station is really unclear. And while email encryption has been out there for years, when was the last time you got an encrypted email?

If you assume that public key system are in some fashion able to be used in an environment where quantum computers exist (which appears possible – but not assured) that would allow semi-random strangers to call you and have the call end-to-end secure.

If this is true you can then also have secure email with semi-random strangers. At least until you temporarily misplace your comlink, with or without assistance, and lose your private keys to a shadowrunner Even if public key crypto doesn’t work you can certainly send encrypted messages to people who you have an established relationship with and be pretty sure that nobody without the key can read it.

SR3 is wireless. You have wireless communications and my SR3 was accessing the matrix almost exclusively by wireless means.

AR was there in SR3, too - it was just hidden.

Tortoise mode operations were handled in meat-space and, given programs with options that increase detection factor, you could actually do some hacking.
As the only limiting factor for a tortoise was memory, with a headware phone and enough headware memory you were good to go.

Well, AR has no limit... but tortoise didn't trigger ICE at all, nor were they enganged in cyber combat. You were simply cast out at the third trigger step.