[kirk]

I'm not sure what you mean there Kirk. Properly employed, encryption should make certain things far more secure (controlling drones or peripheral devices, using a credstick or generally shopping or confirming identity online) but a lot of things would need too much complicated communication options for strong encryption to really lock it down. Modern cell phones and computers can be hacked despite strong encryption because how they communicate with the outside world is complicated and hard to secure every possibility.

In game, this wouldn't be hard to represent. A drone controlled by a well implemented 256 bit encrypted link is impossible to hack or spoof, but can be jammed. One with a shoddy implementation of public key encryption you might be able to hack on the fly.

Neither computers nor cellphones are hacked on the fly today. That's real-world. Jamming is a different story and isn't what was being discussed.  Real world, the battle between hacking and defense is going to bounce back and forth, but for hacking on the fly to happen it has to make a tremendous surge past the defenses.

see the posts already made by others to explain why that doesn't fly.

Me, I like having hackers and technomancers, so I'll ignore "real world".

[Kontact]

A R1 agent cycling your encryption every CT makes your signal uncrackable.



Signal Capture is a Complex Action which can't be attempted on an encrypted signal.  So, you have to decrypt first.
Initiate Cryptoanalysis, even with weak encryption, is a Complex Action which begins an extended test with an Interval of 1 CT.
Therefore, the ability to listen in to someone's traffic takes, at minimum, 1 CT + 2 CAs.

The action to encrypt a signal is a simple action, as is the action to decrypt it. 
Neither action requires a roll therefore, they can not fail to occur, regardless of user skill.

So, as long as there is an agent on each end of the connection providing and using a new encryption key before that [Complex Action + Combat Turn + Complex Action] minimum time period is up, then the signal can not be decrypted by the existing rules.  Every time the encryption is changed, the hacker attempting access would have to begin a new decryption and then wait a turn and then attempt to capture the signal again, and since the encryption can be changed, by a chepo agent, 10 times in that period, the hacker will never be able to decrypt the stream.  The rating of the encryption doesn't even matter.

Encrypted files are another matter.

[Joush]

Acutely, if you know an exploit to the system you are planning to access it is possible to hack "on the fly" today. An unsecured or badly secured Wi-Fi router with a computer using out of date or badly made software means someone that wants access could get it. Many cell phones use out of date firmware and are security-compromised by users, again making them simple things to "hack on the fly".

Hackers and technomancers could work, given the idea that they exploit loopholes and flaws in software to gain access. In fact, 99.99% of the game seems to act as if strong encryption exist anyway, so having it one paragraph say it's dead while never dealing with the massive implications of that seems silly.

The basic Shadowrun setting would be changed more by going with what's in the book and saying encryption is no longer possible then by going with logic and saying encryption remains.

No encryption means:

1) No Credsticks

2) No electronic banking.

3) Drones and all remote operated equipment can not be secured. Connect to them -once- when someone is listening and whatever you used to verify your authority to command it is out and part of the public record. Imagine if you had to access your email while everything you typed or entered was displayed on a wall 100' high for everyone to see. They'd see your password when you typed it in, and if you tried to fix the problem by changing your password, they'd see that too.

4) No secrets in public transmissions. Anything you put in the air, anyone that wants to can see. Military and intelligence operations would need to go back to runners to send messages. Even transmissions by cable are easily intercepted and decoded if you don't have the cable guarded and protected.

5) Any satellite can be wrecked at any time. Yep, when you get right down to it spy sats, weather sats, communications sats.. all of them could be taken over and destroyed by anyone with a little time on their hands and a desire to cause some damage.

[lurkeroutthere]

Shadowrun is a GAME with a HACKING component. /FULL STOP

In order to make that work and keep it simple encryption had to go as do many real world protections against hacking. Everything else runs on handwavium to make that simple concept hold. It's not that the writers don't know it's just they don't care.

[Joush]

Acutely, I'm pretty sure the writer of the passage on encryption in SR didn't really understand encryption. There are logical ways around it, to allow hacking to continue working. Pretty much all real-world measures to prevent unauthorized access are boiled down to the firewall rating, an abstraction that works well. Having encryption come in various  types of weak encryption that can be broken with an appropriate application of luck, knowledge and processing power and a separate strong that can't practically be broken wouldn't really change anything, as implementing strong encryption and using it to maintain security is a bit of a pain.

Within the existing setting, this would make more sense.  You could tap someone's comlink transmissions and get that they were buying something, and that they'd paid for it with their account, but the exact account details would be in a strong encryption you couldn't break to steal everything they have. The businesses could rely on secure electronic funds, ect.

The fastest fix to this would just be to tear our everything on encryption in the SR books.

[FastJack]

Okay, been lurking on this for a while now and figure I'd throw in my 0.02¥.

1) The current Shadowrun Matrix is encrypted. Hence you need to spoof or hack a node before you can tell it to do anything.
2) You can FURTHER encrypt wireless data/traffic by using your own Encrypt program that makes it more difficult to see/tamper with the data.
3) There's no longer any encryption in the REAL world that can't be hacked.

Now, I'm looking at this discussion and I'm seeing a comparison of game world and real world information. Much like similar discussions on firearms/calibers/clips & magazines and magic vs. physics, I'd recommend that the advice sprinkled throughout of GM handwaving such concerns be put in place. If you prefer more realism, please go ahead and figure out house rules for them, but the game is supposed to be more cinematic. And if there's one thing that we learned about hacking in the movies is that you just need a smartphone and a piece of gum to hack the CIA.

[Joush]

Your link pretty much agrees with me.. *S* Exploiting flaws in encryption methods to break security is exactly the kind of ways to work around encryption and allow hacking realistically that I mean when I say nothing in the game has to change to get rid of the "encryption is dead" passages from Shadowrun.

Oh, and your link doesn't claim that all encryption can be broken. Anyone that claims to be able to break a one time pad encryption via cryptanalysis is a lying to you. Anyone that claims to be able to break 256 bit encryption by brute force before the death of our star is also lying.

For pink mohawk, it's ok to go for the Mystery Science Theater 3000 mantra. When you go with cyberpunk noir, it can bother you though.

Honestly, like I said, hacking complicated systems isn't all that stymied by encryption. Their very complexity means guarding everything becomes difficult. Just because you can't brute-force your way past properly applied encryption, you can work around it and find a flaw in the implementation.

"You don't 'fix' a whole firewall. You find a hole and you plug it."

[PeterSmith]

Shadowrun is a GAME with a HACKING component. /FULL STOP

This. A thousand times this.

[Kobold]

Oh, and your link doesn't claim that all encryption can be broken. Anyone that claims to be able to break a one time pad encryption via cryptanalysis is a lying to you. Anyone that claims to be able to break 256 bit encryption by brute force before the death of our star is also lying.

What about quantum computing? I'm absoluty no expert in cryptanalysis, but a small excerpt from the wikipedia article:

Although quantum computing is still in its infancy, experiments have been carried out in which quantum computational operations were executed on a very small number of qubits (quantum bits). Both practical and theoretical research continues, and many national government and military funding agencies support quantum computing research to develop quantum computers for both civilian and national security purposes, such as cryptanalysis.

And since we have roomtemperature superconductors and optically based computers 2070, it's not out of reach.

[CanRay]

And the random element that is a DNI system.  Never underestimate the (meta)human ability to do the really fraggin' weird.  Look at Technomancers.  And Magicians.  And Lesbian Elf Stripper Ninjas.

...

Maybe I look at the last way too much. 

[KommissarK]

One simple fix to this, is the either optional rule or house rule (not sure where I read it) of decreasing the dice pool by one on each roll after the first on an extended test. This means at least that a low Decrypt program would have trouble beating higher encryption ratings.

[PeterSmith]

And Lesbian Elf Stripper Ninjas.

...

Maybe I look at the last way too much.

They're ninjas, you can't see them.

[FastJack]

And Lesbian Elf Stripper Ninjas.

...

Maybe I look at the last way too much.

They're ninjas, you can't see them.

Except when they want you to. And since they're strippers, it's usually when they're looking for corpscript.

[CanRay]

And you damned well better tip them!  The weapons they have concealed is amazing considering the lack of clothing!

[tzizimine]

Question for use of SR encryption...


From Unwired, it says that you can change the interval of decrypting by use 'strong encryption' and simply using the same Encrypt program and spend time equal to the desired interval setting it up, to a max of 24 hours. Since it doesn't say otherwise, I would assume that this lasts for as long as that particular copy of Encrypt is running and does not count against the Response rating anymore than a regular Encrypt program.


If that is true, why would anyone not spend the time to max it out at the full 24 hours and leave it running? No hacker is going to stay in AR nearby long enough for you to not notice their attempt and when you go to bed, you drop your commlink's Signal to turn off the wifi connection without turning off the commlink?


Thoughts?