Information Warfare Mechanics

name_here
Prince
Posts: 3346
Joined: Fri Mar 07, 2008 7:55 pm

Post by name_here »

See, One-Time Pads are unbreakable because you never repeat the key. That makes them hellishly inconvenient. There's very good reasons we use other forms of encryption.
Should person to person comms be assumed to use OTPs and therefore be unbreakable?
Not as a rule. You can only send a finite amount of traffic before you reach the end of the One-Time Pad, and then if you start over it stops being unbreakable.
Can you transmit an OTP key through a previously set up OTP?
I'm pretty sure the answer is, "Yes, but why would you want to do that?"
DSMatticus wrote:It's not just that everything you say is stupid, but that they are Gordian knots of stupid that leave me completely bewildered as to where to even begin. After hearing you speak Alexander the Great would stab you and triumphantly declare the puzzle solved.
Zaranthan
Knight-Baron
Posts: 628
Joined: Tue May 29, 2012 3:08 pm

Post by Zaranthan »

Ice9 wrote:If a single eccentric wizard has a door-less tower he teleports in and out of, then you use other means for that specific tower.
SR magic can't do teleportation. :P

Jokes aside, your comparison is off-target. "You must be level X to cast teleport and get in" is not how OTP works. It's "you must have this key to get in." Now, you can steal the key from the wizard, or you can mess with the tower and make a key to fit the lock, but both the wizard and the tower are going to defend themselves if you try it.

This metaphor is getting a bit tortured. Point is, your allegory is for the "OTP is just Rating $TEXAS Encryption" solution that some people have been offering, not for how OTP actually works.


Now, I want to take a crack at Frank's cries of genre emulation, because I agree that it's important. "Snidely Whiplash snooped on my packets and got the secure transmission, he'll crack it soon!" "But we used an OTP, he can't crack it." Snidely's not just throwing CPU cycles at the file, he has agents out hunting for the key. They're tracking down either the file's destination or origin systems to hack them with Handshake-LOS range programs and get the key. Bam, genre preserved.
Ice9
Duke
Posts: 1568
Joined: Fri Mar 07, 2008 7:54 pm

Post by Ice9 »

See, that's a whole different action now. The way that smashing a hole through the doorless tower's wall or teleporting inside yourself are different actions than picking a lock.

You could have a system that was super-abstract, where you don't have "Disable Device", you have "Gain Entry", and it covers literally anything you might need to do to gain entry to a place. But would you want to? Personally - no. Having different methods that you can use - and sometimes are required to - is part of what makes things interesting. I don't see an advantage to "any problem should be solvable with a single roll".

Same thing for hacking. IMO, in terms of gameplay, a system where usually you can unlock the files by just hacking hard enough, but sometimes you need to go find a person or a different file that has the key sounds better than a system where having a sufficiently high hacking skill is the beginning and end of the story.

The only problem would be if people could "Set Hacking = No" by using OTP everywhere. And because of its inherent limitations, they can't.
Last edited by Ice9 on Tue Sep 23, 2014 8:26 pm, edited 1 time in total.
DSMatticus
King
Posts: 5271
Joined: Thu Apr 14, 2011 5:32 am

Post by DSMatticus »

Me in the other thread we had that managed to hit this topic:
DSMatticus wrote:No cyberpunk game that is actually, well, cyberpunk is going to look anything like our future. We want certain things to be feasible, and we want certain other things to be intractable, and we want certain other things to shift from intractable to feasible based on skill in a way that in the real world they simply would not do and would instead be wholly binary (possible, impossible). And even though we really, really want to pick and choose which things are easy and difficult, there are all these damn proofs that relate the difficulty of these tasks to one another. Our only option is to piss in some mathematicians' cheerios, and since this is science-fiction, that should not surprise anyone at all.

And one of the things that has to go is encryption. And we really do need to be explicit about this one, because if you posit that encryption fails for [reasons], someone is going to sit at your table and say "I can do it better! [lengthy, detailed explanation here]". And while merely letting them open their mouth has cost the table valuable time, from there there are three possibilities that make things even worse:
A) they are right, and they break the game;
B) they are wrong, but nobody else at the table knows why and they break the game;
C) they are wrong, and somebody else at the table knows why and "[lengthy, detailed explanation here]".

Encryption/cracking itself needs to be fairly abstract, but the part where we tell people who try to port real-world mathematics and engineering into solving in-game technology problems to shut their gawdam mouths is not optional.
It really is not optional. I cannot stress that enough. Some players are going to think they know how to describe a secure method of communication and they may or may not be right but the game cannot fucking care and it needs to be able to handle that situation without a player declaring that it's just the DM dicking them for their clever ideas. Things very explicitly need to not work like they do in the real world. It's sci-fi. That's a given, and you just need to man up and say it.
Ice9
Duke
Posts: 1568
Joined: Fri Mar 07, 2008 7:54 pm

Post by Ice9 »

The thing is, a OTP is more like putting the data on a physical medium and hand-carrying it to the destination than it is a "better form of encryption". Both in how you would deal with it and the limits that mean it's really not going to be common.

Unless you think that you need to be able to hack into anything, including data that was never on a computer.
Last edited by Ice9 on Tue Sep 23, 2014 9:48 pm, edited 1 time in total.
RadiantPhoenix
Prince
Posts: 2668
Joined: Sun Apr 11, 2010 10:33 pm
Location: Trudging up the Hill

Post by RadiantPhoenix »

Ice9 wrote:The thing is, a OTP is more like putting the data on a physical medium and hand-carrying it to the destination than it is a "better form of encryption". Both in how you would deal with it and the limits that mean it's really not going to be common.

Unless you think that you need to be able to hack into anything, including data that was never on a computer.
OTPs let you change the message after you deliver it.

(Because they're fucking magical. :p)
DSMatticus
King
Posts: 5271
Joined: Thu Apr 14, 2011 5:32 am

Post by DSMatticus »

RadiantPhoenix already said it, but OTP's are not equivalent to carrying around data on a physical medium.

If I hand you a flashdrive full of data, the only information I am able to give you is information that I had while the flashdrive was in my hands.

If I hand you a flashdrive full of random bits, then publicly broadcast the string of bits that will turn your random bits into a message I want to send to you, I am able to give you information that I have acquired well after the flashdrive has left my hands - and securely, at that.
Ice9
Duke
Posts: 1568
Joined: Fri Mar 07, 2008 7:54 pm

Post by Ice9 »

... yeah? I said it's more like that, not that it's the same. By which I mean that it's a thing people can do that makes a particular message non-decryptable, but seldom will because of the logistical difficulties.

It's not a problem that you can't hack a OTP, unless you also consider it a problem that you can't hack your way into data that's on CDs in a sealed vault.
Grek
Prince
Posts: 3114
Joined: Sun Jan 11, 2009 10:37 pm

Post by Grek »

Regular encryption is like giving someone a special decoder ring. Anyone with the ring (or one just like it) can translate your message, as can anyone who's really good at math or who has access to a copy of a pair of coded and decoded messages. A one time pad is more like a prepaid cell phone that is magically immune to wire tapping. It is more expensive and can only be used for a finite period of time, but no amount of fiddling with decoder rings and mathematics is going to get you that message.
Chamomile wrote:Grek is a national treasure.
DSMatticus
King
Posts: 5271
Joined: Thu Apr 14, 2011 5:32 am

Post by DSMatticus »

Ice9 wrote:It's not a problem that you can't hack a OTP, unless you also consider it a problem that you can't hack your way into data that's on CDs in a sealed vault.
A CD in a sealed vault will only contain information about events that happened before the CD was sealed in the vault. An OTP may "contain" information about any event whose light cone has reached the OTP, i.e. all events that it is relativistically possible for the OTP to contain information about, provided someone makes a transmission about those events which the OTP can decrypt, of course.

This is literally the difference between storing data about the past and facilitating the (secure) communication of data about the future. Your analogies are just wrong. Super hardcore wrong.
Last edited by DSMatticus on Tue Sep 23, 2014 11:53 pm, edited 1 time in total.
fectin
Prince
Posts: 3760
Joined: Mon Feb 01, 2010 1:54 am

Post by fectin »

FrankTrollman wrote:If you seriously are willing to say that messages are unreadable without some kind of access to the sending device or an intended receiver, then sure, otps are meaningless and you can skip it. But the stand alone 'encrypted file' is a very big genre trope to throw under the bus just so you don't have to include a paragraph of rules about one time pads, and it is a sacrifice I personally am unwilling to make.

-Username17
The flip-side of that is all OTPs, all the time. But it happens to work out that actual, real-world OTP entropy is very expensive because you can't automagically generate it. That means that One Time Pads operate exactly in the way you would most like them to: they are too rare to use normally, but they exist and work fine as MacGuffins.

On top of that, they have a not-actually-secure version, (sample something and pretend it's random), which takes very little handwavium to turn into going to arbitrary places to record arbitrary data, so that your decryption takes a short time instead of years.

And that's just the implications of how these things actually work. In this case, realism has conspired to create a perfect plot element.
Vebyast wrote:Here's a fun target for Major Creation: hydrazine. One casting every six seconds at CL9 gives you a bit more than 40 liters per second, which is comparable to the flow rates of some small, but serious, rocket engines. Six items running at full blast through a well-engineered engine will put you, and something like 50 tons of cargo, into space. Alternatively, if you thrust sideways, you will briefly be a fireball screaming across the sky at mach 14 before you melt from atmospheric friction.
Foxwarrior
Duke
Posts: 1633
Joined: Thu Nov 11, 2010 8:54 am
Location: RPG City, USA

Post by Foxwarrior »

fectin wrote:But it happens to work out that actual, real-world OTP entropy is very expensive because you can't automagically generate it.
http://www.ebay.com/itm/like/271056549086?lpid=82

$13 (I hope I found the right product).

If that isn't the right product, at least there's: http://www.idquantique.com/random-numbe ... -shop.html (990 €)
Last edited by Foxwarrior on Wed Sep 24, 2014 4:36 am, edited 1 time in total.
fectin
Prince
Posts: 3760
Joined: Mon Feb 01, 2010 1:54 am

Post by fectin »

Yeah, see, I already addressed that. Pseudorandom ain't random.
Vebyast wrote:Here's a fun target for Major Creation: hydrazine. One casting every six seconds at CL9 gives you a bit more than 40 liters per second, which is comparable to the flow rates of some small, but serious, rocket engines. Six items running at full blast through a well-engineered engine will put you, and something like 50 tons of cargo, into space. Alternatively, if you thrust sideways, you will briefly be a fireball screaming across the sky at mach 14 before you melt from atmospheric friction.
virgil
King
Posts: 6339
Joined: Fri Mar 07, 2008 7:54 pm

Post by virgil »

http://www.random.org/

True randomness doesn't look that expensive to me.
Come see Sprockets & Serials
How do you confuse a barbarian?
Put a greatsword a maul and a greataxe in a room and ask them to take their pick
EXPLOSIVE RUNES!
Foxwarrior
Duke
Posts: 1633
Joined: Thu Nov 11, 2010 8:54 am
Location: RPG City, USA

Post by Foxwarrior »

Fectin: perhaps you missed the part where it said "4Mbps of true quantum randomness".

Virgil: If you get someone to give you the random numbers over the internet, you can't trust that nobody else was watching.
virgil
King
Posts: 6339
Joined: Fri Mar 07, 2008 7:54 pm

Post by virgil »

Foxwarrior wrote:Virgil: If you get someone to give you the random numbers over the internet, you can't trust that nobody else was watching.
Your point being?
Come see Sprockets & Serials
How do you confuse a barbarian?
Put a greatsword a maul and a greataxe in a room and ask them to take their pick
EXPLOSIVE RUNES!
Grek
Prince
Posts: 3114
Joined: Sun Jan 11, 2009 10:37 pm

Post by Grek »

Foxwarrior: Quantum RNG hardware is prone to bias and hardware degradation. In particular, it can fail without a warning and provide non-random results. This can be corrected for on the software level, but that makes you vulnerable to analysis based on the specific software being used. Actually unbreakable OTPs require better quality randomness than what you're going to get for a thousand pounds or even ten thousand pounds.
Chamomile wrote:Grek is a national treasure.
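
Added example, not part of any post in this thread: a Python sketch of the software-level checks the post above alludes to, run on constructed bit streams. It shows a von Neumann debiaser removing a fixed bias and a repetition-count check (cutoff formula as in NIST SP 800-90B) catching a source that has silently stuck; the simulated sources, function names and thresholds are assumptions made for illustration.

```python
import math
import random

def von_neumann(bits):
    """Debias a stream: pair 01 -> 0, pair 10 -> 1, pairs 00/11 are discarded.
    Only valid if the input bits are independent of each other."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]

def monobit_ok(bits, sigmas=5.0):
    """Ones-count must lie within `sigmas` standard deviations of n/2."""
    n = len(bits)
    return n > 0 and abs(sum(bits) - n / 2) <= sigmas * math.sqrt(n) / 2

def repetition_count_ok(bits, entropy_per_bit=1.0, alpha_exp=20):
    """Fail if any value repeats `cutoff` times in a row.
    cutoff = 1 + ceil(-log2(alpha) / H), with alpha = 2**-alpha_exp."""
    cutoff = 1 + math.ceil(alpha_exp / entropy_per_bit)
    run, prev = 0, None
    for b in bits:
        run = run + 1 if b == prev else 1
        prev = b
        if run >= cutoff:
            return False
    return True

def health_report(bits):
    return {"bits": len(bits),
            "monobit_ok": monobit_ok(bits),
            "repetition_ok": repetition_count_ok(bits)}

# Constructed inputs. A seeded PRNG stands in for hardware here purely so the
# demo is repeatable; it is not a source of pad material.
_sim = random.Random(1)
BIASED = [1 if _sim.random() < 0.7 else 0 for _ in range(20000)]  # 70% ones
STUCK = [0, 1] * 8 + [0] * 64                                     # dies mid-stream

if __name__ == "__main__":
    print("biased raw      ", health_report(BIASED))
    print("biased debiased ", health_report(von_neumann(BIASED)))
    print("stuck source    ", health_report(STUCK))
    print("debiaser on dead tail yields", len(von_neumann(STUCK[16:])), "bits")
```

The debiaser pays for the correction in throughput, discarding well over half the input, and it does nothing about a stuck source; that is what the separate repetition check is for.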
Foxwarrior
Duke
Posts: 1633
Joined: Thu Nov 11, 2010 8:54 am
Location: RPG City, USA

Post by Foxwarrior »

Grek: I see, so there's room to declare that in the future this will still be a problem.

Virgil: You have to own the randomizer to make a truly trustworthy OTP, the price for some truly random bits is not a great measure of that. Pointing to random.org is a bit like saying that it's cheap to own a search engine because using Google is free.
virgil
King
Posts: 6339
Joined: Fri Mar 07, 2008 7:54 pm

Post by virgil »

Foxwarrior wrote:Virgil: You have to own the randomizer to make a truly trustworthy OTP, the price for some truly random bits is not a great measure of that. Pointing to random.org is a bit like saying that it's cheap to own a search engine because using Google is free.
And when you don't actually look where people point, being wrong is pretty easy, isn't it?
Come see Sprockets & Serials
How do you confuse a barbarian?
Put a greatsword a maul and a greataxe in a room and ask them to take their pick
EXPLOSIVE RUNES!
fectin
Prince
Posts: 3760
Joined: Mon Feb 01, 2010 1:54 am

Post by fectin »

Random.org says right on the front page that they're sampling atmospheric noise to generate their numbers. That's one of the things I explicitly talked about as not random enough (see the back and forth about Simpsons episodes), and also a thing I called out explicitly as an excuse for plot a few minutes ago. So, good example, I guess?

As for the "true quantum randomness", oh look, that's impossible: http://ieeexplore.ieee.org/xpl/articleD ... er=6670761
To be fair, I don't understand it well either. Roughly I think, extracting randomness introduces noise. So the underlying system might be random, but we can't ever get something perfect out of it.

That might seem like quibbling, but I'll remind you that Russia's single reuses of some one-time pads in the forties got their crypto broke. Unlike cyberpunk futures, the forties did not exactly have tremendous computing power, so that's possible basically by hand. Small and subtle patterns can have a huge impact.
Vebyast wrote:Here's a fun target for Major Creation: hydrazine. One casting every six seconds at CL9 gives you a bit more than 40 liters per second, which is comparable to the flow rates of some small, but serious, rocket engines. Six items running at full blast through a well-engineered engine will put you, and something like 50 tons of cargo, into space. Alternatively, if you thrust sideways, you will briefly be a fireball screaming across the sky at mach 14 before you melt from atmospheric friction.
Ice9
Duke
Posts: 1568
Joined: Fri Mar 07, 2008 7:54 pm

Post by Ice9 »

DSMatticus wrote:A CD in a sealed vault will only contain information about events that happened before the CD was sealed in the vault. An OTP may "contain" information about any event whose light cone has reached the OTP, i.e. all events that it is relativistically possible for the OTP to contain information about, provided someone makes a transmission about those events which the OTP can decrypt, of course.
Again - so? A limited amount of data can be sent securely, at considerable trouble to arrange. That's not actually a problem.

Seriously, relax. It's ok if someone, somewhere, sends a message that can't be hacked into by itself. There's still all the other messages, there's still the source and destination computers that can be hacked into. Hackers still have plenty they can accomplish. The logistical limitations of OTP means that it's not going to suddenly be used for all (or even many at all) communications and render decrypting obsolete.

So I'm just not sure why being unable to decrypt a OTP message is such an issue for you that it's worth throwing a fair amount of WSoD out the window for.
Username17
Serious Badass
Posts: 29894
Joined: Fri Mar 07, 2008 7:54 pm

Post by Username17 »

The issues with otps are not that they are inherently impossible to manage in-game, but that they have such massive strengths and weaknesses that MCs should not be expected to come up with rules for it on the fly. It is too likely that something you ad hoc Justin Bieber style is going to break the game one way or another. Otp need rules for the time and cost to produce them, the ability of people to steal them while they are stored, and the limits of how much data can be sent.

Regular symmetric encryption needs rules too of course, but mostly just in terms of what you need to be able to break it.

Asymmetric encryption needs to die in a fire. Since by its nature it allows the sending and receiving of encrypted data without ever sharing a key with anyone, in game terms it absolutely needs to be very insecure against skilled hackers. Otherwise no one can read anyone's mail and the cyberpunk hacker can't exist as the genre has defined him.

But what this means is that you need rules for three kinds of encryption, and that their strength versus decryption must be determined by the needs of the genre rather than the realities of math. That having been said, it's actually quite possible that asymmetric encryption is easy to break, symmetric encryption is hard, and one time pads are impossible. That is not an unreasonable prediction for how future math will work out, which is good because that is what the genre requires.

-Username17
Lago PARANOIA
Invincible Overlord
Posts: 10555
Joined: Thu Sep 25, 2008 3:00 am

Post by Lago PARANOIA »

DSMatticus wrote:It really is not optional. I cannot stress that enough. Some players are going to think they know how to describe a secure method of communication and they may or may not be right but the game cannot fucking care and it needs to be able to handle that situation without a player declaring that it's just the DM dicking them for their clever ideas. Things very explicitly need to not work like they do in the real world. It's sci-fi. That's a given, and you just need to man up and say it.
B-b-butt DSMatticus, if there's no opportunity for me to filibuster the game with my faux-clever ideas, why would someone want to play cyberpunk at all. :kindacool:
Josh Kablack wrote:Your freedom to make rulings up on the fly is in direct conflict with my freedom to interact with an internally consistent narrative. Your freedom to run/play a game without needing to understand a complex rule system is in direct conflict with my freedom to play a character whose abilities and flaws function as I intended within that ruleset. Your freedom to add and change rules in the middle of the game is in direct conflict with my ability to understand that rules system before I decided whether or not to join your game.

In short, your entire post is dismissive of not merely my intelligence, but my agency. And I don't mean agency as a player within one of your games, I mean my agency as a person. You do not want me to be informed when I make the fundamental decisions of deciding whether to join your game or buying your rules system.
kzt
Knight-Baron
Posts: 919
Joined: Mon May 03, 2010 2:59 pm

Post by kzt »

Strung Nether wrote: Encrypted data is fundamentally impossible to access unless under the following circumstances:
You successfully hack the person before they have sent or received the data.
You hack someone who either sent or received the data after you obtained a copy of the data.
That is pretty much how it works for properly managed and engineered encryption. You cannot break it without an insider or otherwise penetrating the system before it is encrypted or after it is decrypted.

A solution to this is why the Soviet Union had the North Koreans capture the USS Pueblo, because the Pueblo had the crypto machines that allowed the KGB to use the code keys they got from John Walker to break all the US Military's most important crypto messages for a decade plus.

However it is a real pain to manage a crypto system properly. For example, the Venona Project broke one time pads that were improperly used due to mistakes by Moscow Center.
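
Added example, not part of any post in this thread: a Python sketch of the pad properties argued over above, namely that a pad is finite and must not wrap around, that reusing pad bytes lets the key cancel out of two ciphertexts, and that a single ciphertext is consistent with every plaintext of its length. The `OneTimePad` class, the function names and the sample messages are constructed for illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class OneTimePad:
    """A finite pad. Every byte is consumed once and never handed out again."""
    def __init__(self, pad: bytes):
        self._pad = pad
        self._offset = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def encrypt(self, plaintext: bytes):
        if len(plaintext) > self.remaining:
            raise ValueError("pad exhausted; refusing to start over")
        start = self._offset
        self._offset += len(plaintext)
        return start, xor(plaintext, self._pad[start:self._offset])

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        return xor(ciphertext, self._pad[start:start + len(ciphertext)])

def demo():
    pad = secrets.token_bytes(32)            # shared in advance, out of band
    p1 = b"MEET AT DOCK 7"                   # constructed sample messages
    p2 = b"ABORT THE RUN!"
    sender, receiver = OneTimePad(pad), OneTimePad(pad)

    # Correct use: each message consumes fresh pad bytes.
    s1, c1 = sender.encrypt(p1)
    s2, c2 = sender.encrypt(p2)
    roundtrip = receiver.decrypt(s1, c1)
    try:
        sender.encrypt(b"one more message")  # only 4 pad bytes are left
        exhausted = False
    except ValueError:
        exhausted = True

    # Misuse: the second message is sent with the pad "started over".
    c2_reused = xor(p2, pad[:len(p2)])
    leak = xor(c1, c2_reused)                # pad cancels: equals p1 XOR p2
    recovered_p2 = xor(leak, p1)             # anyone who knows p1 now has p2

    # Why one ciphertext alone is unbreakable: for any candidate plaintext
    # there is a pad that "decrypts" c1 to it, so guessing proves nothing.
    candidate = b"NOTHING TO SEE"
    alt_reading = xor(c1, xor(c1, candidate))

    return {"roundtrip": roundtrip, "exhausted": exhausted,
            "leak_is_p1_xor_p2": leak == xor(p1, p2),
            "recovered_p2": recovered_p2, "alt_reading": alt_reading}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```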
kzt
Knight-Baron
Posts: 919
Joined: Mon May 03, 2010 2:59 pm

Post by kzt »

Ice9 wrote: The only problem would be if people could "Set Hacking = No" by using OTP everywhere. And because of its inherent limitations, they can't.
Encrypted file systems are of no use if the attacker owns the system. The system will happily decrypt the file for him. And for practical use the system must hold the keys, nobody is going to keep a book of thousands of separate 512 bit keys they must carefully and without mistake type in every time they want to open a different file.

So no, encryption is really not all that much of a problem to a hacker.

Yes, I have spent some time arguing with management about this...