Machine and Man in Cyberpunk

[DSMatticus]

I think what he's saying is that if you have

I did not mean that I read it and did not understand it. I meant I had hit my threshold for tolerating dumb things, because the first sentence is stupid and not something we have to do at all and that should be immediately obvious to everyone.

It doesn't matter how the trollface works, it's the fact that it's altering something as fundamental to reality as mathematics that's causing problems. I really doubt my communications protocol (only slightly better than ritually casting Mindlink) is the most broken thing anybody can come up with.

No, the problem is very clearly that you think someone's personal ability to interact with certain real-world concepts has ramifications and deserves consideration from the game and the genre as a whole. That is a form of egotism that, when indulged, definitionally limits the stories we can tell. And the argument is currently about whether a hypothetical game's creators should indulge people like this so they won't disrupt the table with impromptu cryptography discussions, or whether we should tell those people to fuck themself (only more politely).

I am personally in favor of the latter, because I don't think you can actually achieve the former. If it is cyberpunk, someone is going to be able to find something that does not make sense and get annoyed at it if they want to. You can minimize this problem by limiting your breakpoints to things less people know/care about and playing with smoke and mirrors and curtains and abstraction, but that is a lot of extra work just to put a bandaid on a bullet wound. And as for the latter, reminding people that fiction is fiction is not actually contentious in anyway, and the name of the game is genre emulation because playing cyberpunk is fun and playing mathematics conference is not (at least, probably not to most of the people at the table - as this thread shows, exceptions abound).

[Pulsewidth]

We've already gone over this with chemical processors, where each round of processing takes a fixed amount of time whether you're doing one equation or 10^20th equations.

You keep talking about numbers of this kind of magnitude like they somehow matter. At the scale we're dealing with, and at any reasonable precision, 10^20 approximately equals 0.

a perfect decryption method that isn't capable of failure and always decrypts the exact correct text is the master index from Borges' Library of Babel, and once you have it you can find literally anything.

I assumed it could only decrypt things that somebody had encrypted. I don't see how decrypting things that were never encrypted could be rules as intended. It's brokenly powerful, but it's not the master index.

[sabs]

And honestly, Cryptographic math is on the order of things most people don't give a flying fuck about when playing Cyberpunk.

What matters is that you can tell the story of:
The contents of the drive will be readable in 23 hours. You have to go in and recover/destroy/replace/fuckwith it in some way before that happens. In 22 hours, if you have not signaled you were successful, we will be nuking Toronto off the face of the map to be sure noone learns what's on that drive.

Noone cares wether your panties are in a bunch because MATH. As long as we can actually tell the story.

[Pulsewidth]

And that story works great in either of the two plausible world's from Impagliazzo's paper. The enemy hacker isn't running a magical decryption oracle, he's sending assassins after your troll to recover the key from his anus. That's an even better story, because your actions can alter the time limit. It means you can do the "stopped them just in time" story that's so popular, because the GM can alter the time limit while it's ongoing without breaking credibility.

[Lich-Loved]

[Not at all intended to be a threadshit. This is a serious question]

Beyond the cyperpunk genre mandating it via author fiat, why would any futuristic company even connect anything truly valuable to any external network? Companies don't do this now. Surely in futureworld or whatever, they will have their wage-hackers probe their systems, find that it's a coin toss whether or not a skilled hacker could break in, and just unplug/vault the valuables since the inconvenience of doing so costs less than the loss of the data.

Poof. No more hacks that are worth a damn. At least, not without physical presence, social engineering or the like.

[Pulsewidth]

Beyond the cyperpunk genre mandating it via author fiat, why would any futuristic company even connect anything truly valuable to any external network?

Mysterious hacking at a distance, as described in The Ends. Frank has convincingly demonstrated that this is one of only two possible solutions, and IMO it's a better option than making the benefits of connectivity so great that people will voluntarily take the risks.

[Foxwarrior]

What matters is that you can tell the story of:
The contents of the drive will be readable in 23 hours. You have to go in and recover/destroy/replace/fuckwith it in some way before that happens. In 22 hours, if you have not signaled you were successful, we will be nuking Toronto off the face of the map to be sure noone learns what's on that drive.

The "Protagonists must accomplish [goal] before [bad event] happens in [fairly precise amount of time]" story is not unique to worlds with breakable encryption, and (unless you're using Frank Trollman-style chemical computing) breakable encryption is as terrible a way to make a precise time limit as the reactor instability in The Dark Knight Rises.

What's so great about this particular variation of the story?

[Username17]

The "Protagonists must accomplish [goal] before [bad event] happens in [fairly precise amount of time]" story is not unique to worlds with breakable encryption, and (unless you're using Frank Trollman-style chemical computing) breakable encryption is as terrible a way to make a precise time limit as the reactor instability in The Dark Knight Rises.

What's so great about this particular variation of the story?

First of all: it's absolutely ubiquitous. We're talking about a genre where James Bond is a major iconic character, and that was literally the premise of the last James Bond movie!

But perhaps more importantly, it is a variation of the story which flows naturally from the most used mission in the genre: steal (or stop someone from stealing) the data. Data-steal is bar none the most iconic cyberpunk mission, and players can reasonably expect to be on both sides of it. The "you have to do something (or stop someone from doing something) before the time limit runs out" is another classic and well-loved story structure; and it follows naturally from a data-steal mission, but only if cryptography is breakable.

Breakable cryptography is pretty much the best and most used method for getting from Act I to Act II of a cyberpunk plot. Without breakable encryption, you have to steal both the data and the cypher key at the same time - which simply sends you directly to Act III because you no longer have the time trial in between.

Beyond the cyperpunk genre mandating it via author fiat, why would any futuristic company even connect anything truly valuable to any external network?

This is actually not much of a problem. Companies are always going to have something worth stealing that is accessible to external networks because they engage in international commerce. So there are always going to be piles of money and shipping orders for shipping containers full of fancy cars and luxury cheese for hackers to steal.

There is however a related problem that is a real problem, which is that it is not enough for the purposes of our stories for the hacker to be able to steal things that are "valuable" in the sense that they are or are worth money. They have to be able to steal things that are valuable to the story structure. Also, they have to have things that they need to spend effort protecting from enemy hackers despite the fact that they aren't engaging in international e-commerce.

Now, you'll note that there is nothing about the last part that specifies specifically that anything has to be accessible from the intertubes itself. Indeed, while there are lots of stories of "basement hackers" who don't leave their basements, those don't make terribly good cooperative storytelling adventures. Having hackers need to get on site in order to hack important story stuff is actually fine, because then they are infiltrating with the rest of the team and playing the damn game. Like how in episode 22 of Arrow, the team has to get their hacker into the computer room in Merlyn's building in order to get the information they needed. That is fine.

Here are things that are problematic:

• A message can't be sent securely without having a secure channel. If that can happen, e-commerce is inviolate and hackers can't reroute traffic or confuse orders or do any of the other stuff they are supposed to do to cause havoc and not pay their phone bills. This means that asymmetric encryption cannot be unbreakable.
• Stored information on a harddrive has to be extractable given time. If that doesn't happen, we can't tell stories like Skyfall and we've failed the cyberpunk genre emulation test. This means that symmetric encryption can't be unbreakable either. Though unlike asymmetric encryption, it's actually totally OK if it takes hours or days to break.
• Simply turning off wireless input can't be enough to protect you from combat hacking, because enemy hackers are supposed to be a threat to you in combat. And "you" in this case could also mean "them", because that has to go both ways, as either the hacker or the target could be the player character or the opposition. This requires there to be meaningful combat actions a hacker can take against luddite opponents. This can take the form of Minority Report style personal vision obscurement, Lawnmower Man style VR telepathy, Fringe style incapacitating light flashes, Snow Crash style mind controlling audio-signals, or Langford style basilisks. But it has to be something such that the hacker can do something meaningful against luddite opposition.

Bottom line is that having the player characters stamp their feet and refuse to have anything valuable in harm's way of enemy hacking is a much bigger problem than having companies doing that. The companies are always going to have millions or billions of dollars worth of stuff hanging in the network winds no matter how the hacking rules work. The issue there is to arrange for the hacking the companies are vulnerable to be hacking that the player characters can do while interacting with the adventure. So your goal there is to discourage basement hacking and encourage on-site hacking, while simultaneously supporting "cold" hacking and not requiring social hacks or password guessing. Line of Sight spooky action at a distance is probably your ideal there.

-Username17

[TheFlatline]

What is realistic though? We're talking about a paragidm that is 60 years in the future. 60 years ago, computers were the size of an entire office room, ran on vacuum tubes, and required specific punch cards to do basic math functions, and operated at the hundreds of computations per second.

To a certain extent, it's "you know it when you see it."

Anything based on stories of computer hacking written by a guy on a mechanical typewriter who had never used a computer or movies in 1982 about PONG is pretty definitely going to qualify as unrealistic. As are dungeon crawls or anything else that requires you send the rest of the players out to have a leisurely dinner at the slowest restaurant across town while you "hack". Anything that proposes a human with responses in tens of miliseconds having some sort of twitch oriented conflicts with a computer that can perform trillions of operations during that time is pretty clearly not very reasonable.

Part of coming up with a solution is scoping the problem. What are computers capable of, and more importantly, not capable of? If you extend the trend of MIPS out by 60 years you get seemingly absurd increases, like things being more then 10^30 times faster than today. Is that what is being proposed under the hood? It seems unlikely that the performance trend-lines can hold up, or can they?

I fucking LOVE that you're demanding a "realistic" hacking system, and yet in the previous breath you throw out... real world security paradigms as being "impossible" to implement because "realism" breaks the hacking system.

My point is that technology is advancing not linearly, but on a log scale, and in directions that were impossible to predict, not that numbers just keep getting bigger. So the farthest-flung futurist prediction bullshit that you come up with for your "realistic" hacking system is going to be outdated in 5-10 years when we either surpass your wildest dreams or take a tangent off the current trajectory and fling into unrealized technology.

And yet the one point of "realism" you could rely on- security paradigms that already exist, you shit-can.

My point is why try to play that prediction game when you *know* it's going to look like shit in a very short period of time. Create a *fun* set of mechanics and fucking technobabble the rest of it.

Shit it's worked for Star Trek for 40 years. Geeks are programmed to accept meaningless technobabble as a smear.

[TheFlatline]

Network security systems ARE optimized for speed.

And yet, I can take a flash drive full of movies and physically carry it across town faster than I can send it via the network. Again and still, your personally incredulity is faulty and obviously a broken compass even for determining what is realistic. Let alone for things being playable or narratively satisfying.



-Username17

My mentor had a phrase for this: "Never underestimate the bandwidth of Bob's trunk."

I can pack that motherfucker full of multi-TB drives and drive it to another state and deliver that information faster than it'd take to stream it over even the fastest network that we have.

Latency is still a bitch though, and as for error-correcting redudnancy... well... let's just hope Bob's car doesn't get stolen.

And kzt needs to STFU. Network security is *not* optimized for speed except for specific situations where the quality of service cannot sustain latency, such as VOIP. Network security is screwed down until people bitch and complain, and is then eased up just barely. It is the absolute maximum ideally that people can put up with and still do their work in a reasonable fashion.

Shit, firewalls after 30 years *still* use yes/no logic access control lists. I just interviewed at a company that has like a 10,000 line ACL in their firewalls. And the firewall *still* checks each of those rules, one by one, every time a packet comes in.

[TheFlatline]

Let's put that into perspective:

My phone has 4 cores, each about a 4,000 faster than the computer that took us to the moon. Imagine telling someone from the 60's your phone had a thousand times the total computing power on the earth. They'd think you were fucking insane. Shit the amount of progress in the last 10 years alone has been unpredictable.

You're demonstrating how humans are no good at visualizing large numbers. It's like that Douglas Adams quote about space:

Space is big. You just won't believe how vastly, hugely, mind- bogglingly big it is. I mean, you may think it's a long way down the road to the chemist's, but that's just peanuts to space.

You can look at the progress of computer hardware and think "that's a big number", and then look at the work required to break symmetric ciphers and get the exact same "that's a big number" feeling. It's horribly misleading, because in this case we're talking about differences in magnitude that make the difference between a trip to the chemist's and a trip to another galaxy look like a rounding error.

Humans are simply incapable of thinking about encryption intuitively. The only option is to do the math, and the math says everybody wanting breakable encryption (without using side channels attacks) is wrong. Luckily for us, side channel attacks can make for a fun game.

No dude, try reading what I was writing.

My point was that humans are really, really shitty at predicting where technology is going to go in short term 5 year bursts, let alone the sixty. motherfucking. years. between today and, say, shadowrun, since talking hacking means addressing the Matrix rules. Wanting a "realistic" system means either setting the system in modern days or shoehorning the equivalent of WW2 cutting edge tech into today's world and expecting it not to look fucking ridiculous.

I'm not even talking about your bullshit topic, yet you assume I am.

Truth is, I don't give a shit about your cryptography argument either way as an RPG. It's irrelevant to the subject because it's too granular, and it's attempting to project math and technological discoveries three motherfucking generations down the line.

[TheFlatline]

I already explained this, and Vebyast posted more details. Evolution only works if a mutation can have some influence on reproductive success.

Holy jesus I guess redheads don't exist and the appendix is still a vital fucking organ.

Bravo.

You may actually be the fastest n00b to ever hit my ignore list if you keep this up.

[TheFlatline]

If you get an incomplete Dystrophin gene, your fitness is zero. You get muscular dystrophy and don't have any children. Evolution has mechanisms to find solutions to problems where incomplete answers go directly to a fail state. Acting like such mechanisms can't exist in mathematics is simply a failure of your imagination.

You're working in the wrong direction. Instead of thinking about rejecting failure, think about working toward success. In slightly clearer terms, think about observations and evidence: when you do change something in your input, what changes in your output do you observe, and what evidence does this give you about how good your input was?

How much evidence of goodness do you gain when you change an organism's genome? Lots, right? This mutation caused this gene to be malformed, which caused the whatsit to have its hoozits colored wrong, but it turned out that that was cool and now the mutation is slowly spreading through the population. You can tell that that gene was a good change because it made the organism slightly more likely to reproduce. Hooray! You are making a more competitive organism.

How much evidence of goodness do you gain when you change a single letter in a crypto key? It still doesn't decrypt. What now? Do you have a better key or a worse key? You don't know. All you know is that this key is not equal to the correct key. You are not getting closer to decrypting this message.

Biological evolution works because there are 10^$TEXAS different ways to be observably more right and you can slowly creep along from not right to right. Your "crypto evolution" idea doesn't work because there is one way for your key to be observably more right, and so you're stuck at wrong and can't go anywhere because you can't find that one spot.

As a side note, if you've ever heard the phrase "side channel attack", that's the catch-all term for when someone has stuffed up their implementation of the algorithm and introduced a way for different keys to be observably more right. For example, if you're comparing plaintext passwords bit by bit and immediately reporting failure when you find a wrong bit, an attacker could measure how long it takes you to reject a password and then use that to figure out how many bits you decided were right. This is precisely the kind of software vulnerability that Ice9 was proposing we use to explain narratively-convenient hacking. Sometimes the breaks are more fundamental, such as the aforementioned bad pseudorandom number generators or the Enigma machine's inability to encrypt letters to themselves.

Err... Your definition of biological evolution is fucked up.

It's frequently documented in scientific record that many species "de-evolve" into less complex organisms. Biologists shrug and still call it "evolution".

If we're talking about Darwinian evolution, that's been disputed for quite some time and there's a more... nuanced... idea of descent with modification.

Because here's the thing: Our genes are mutating all the time. Our RNA usually catches the mutations and fixes them. Sometimes they don't. And even when they don't, it's like 1 in 10,000 mutations that actually have an effect on the organism in some real way.

So yes, biologically, in Evolution, if you catch a mutation that is so beneficial that it's a game-changer, you'll fuck more and pass your genes on more. Hopefully, it's a dominant gene mutation so it expresses in your children. Otherwise, I hope you fucked a LOT, so you can see the expression in generations 3 or 4 or so as recessive genes start doubling up in the population, creating a second wave of unfair advantages that let the double-recessives keep fucking in abnormally high numbers.

Or. You catch a mutation. It doesn't stop you from fucking a whole lot. So it gets passed on.

Evolution only gives a shit about outlier scenarios- the instant failure short circuits and the occasional game-breaker, which even then doesn't promise a genetic future.

Evolution, and biology, don't give a shit about perfection. It is a non-linear system that craves the shortest paths to stability, not environmental perfection.

[Omegonthesane]

Something something evolution

The point remains, evolution only vaguely works as a means of optimisation because an iteration can be observably better than the previous one, which isn't the case if you're trying to apply it to breaking an encryption key.

Those wishing to further discuss cryptography in cyberpunk are advised to watch this professional video, which explains concisely how it's entirely plausible.

[TheFlatline]

I definitely agree on the first point. Just say that it's four hits on a hacking test and one hour, or you have win a contest, or you have to play go fish with the DM, or whatever. However, I do think that we can achieve that goal without without so much as mentioning decryption. If we end up choosing to talk about mathematics, then "because I say so" is probably the right way to handle it, but I think that we can get away without even starting that conversation in the first place.

Why not? Why not have a mix of hard and soft encryption? We have that now.

If we have encryption that takes 20 minutes to break but that data is only useful for the next 5 seconds, it's "good enough". We'll stop using it when it takes 4.999 seconds to break the encryption. Or knowing humans and how fucking lazy we are, about 5 years after we reach that threshold.

We also have humans as a weak link creating passwords. I challenge anyone to remember a 4096-bit encryption key. Shit 90% of the words we use on a daily basis only come from a 3000 word deep pool. In that respect, hackers/crackers are *winning* the security game. They know more about our password habits as a whole than we do, thanks to several major noteworthy hacks exposing millions of passwords. The accounts don't matter so much as the passwords themselves- they're now used to custom cook attack packages that are terrifying in how effective they are. In effect, they've learned the "RNG" of the average human's mind. Any point where our own ingenuity has to provide something "random" is going to be a breach point.

It offended me as a geek in SR4 the cludge that "all encryption is easily and quickly defeated thanks to some new breakthroughs". I don't mind the idea that top-level encryption can be solved via mathematical geniuses with access to a football-field sized server room of computing power clustered together. You know, NSA triple-fence shit. Who knows what the fuck they've figured out. It's like playing cat and mouse, where you're the mouse, but the cat never gives away when he catches you, he just follows you after that. Forever. In the shadows. Unless he fucks up, and you catch wind, and can jink again.

I have no problem with encryption that, for the average mercenary hacker, is "above their paygrade". Cyberpunk isn't about living life at the top, it's about living life way down the ladder. If some merc hacker manages over the course of 20 years to crack a system thought uncrackable, that's a great fucking story and I'm okay with that too.

Encryption isn't supposed to be invincible- nothing is forever. It's supposed to make your data obscure for long enough that the data becomes irrelevant if/when it's finally decoded. That's the practical intent of encryption.

[jadagul]

Frank: I don't think any of us are arguing with anything you said in your last post. With one possible exception. I do agree that information in a hard drive needs to be extractable. But the more you specify exactly how anyone is extracting information from a hard drive, the more players are going to try to do cute things to break your phlebotinum, and the more you're going to trigger table arguments about how encryption really works and what the math says, man, and so on. Whereas if you just say "information is extractable with a Hacking check" or something, and direct anyone who complains to Appendix T, you sidestep all of that.

Otherwise I start asking things like how you crack the data encrypted with a one-time pad that's only stored on micro-etching on a titanium disk that's enclosed in a faraday cage that's stuck inside a polymer resin ball that's stuffed up in the troll anus, and no one wants to have that conversation. So you just say, "fuck you, no, it's decryptable. Don't ask me why. It just is."

[Pulsewidth]

A message can't be sent securely without having a secure channel. If that can happen, e-commerce is inviolate and hackers can't reroute traffic or confuse orders or do any of the other stuff they are supposed to do to cause havoc and not pay their phone bills.

Hackers can reprogram commlinks to send keys to the hacker whenever the user tries to buy something. This can be done in advance, and we can abstract it out as Botnet Rating or something. And if you weaken e-commerce too much then you kill the Credstick system, and then there's no game because hackers take the low risk option for getting paid.

Stored information on a harddrive has to be extractable given time. If that doesn't happen, we can't tell stories like Skyfall and we've failed the cyberpunk genre emulation test.

If you were able to physically steal the harddrive then you were in range for hacking systems that had access to the key. They're actively defended, so it's going to take time.

I just interviewed at a company that has like a 10,000 line ACL in their firewalls. And the firewall *still* checks each of those rules, one by one, every time a packet comes in.

Only if the programmer was incompetent. Somebody not totally ignorant of computer science would immediately think of trees or hash tables.

My point was that humans are really, really shitty at predicting where technology is going to go in short term 5 year bursts, let alone the sixty.

I agree. Math however stays exactly the same.

I already explained this, and Vebyast posted more details. Evolution only works if a mutation can have some influence on reproductive success.

Holy jesus I guess redheads don't exist and the appendix is still a vital fucking organ.

So you're saying redheads have literally identical reproductive fitness (including group fitness) in every environment that existed or previously existed? Pale skin gets you more vitamin D where there's little sunlight. Some people find redheads more attractive. Their genes obviously don't have zero influence on reproductive fitness.

And the appendix still has value now (helping you restore gut bacteria after severe diarrhea or antibiotic use), but even if it didn't that's not evidence that evolution creates things with zero value, it's evidence that it lost its value recently on the timescale evolution works at.

I challenge anyone to remember a 4096-bit encryption key.

That's only 318 random Diceware words. It's no great feat to remember using memory palace techniques. And the only reason you'd want such a big key is for asymmetric encryption, which even Team Cipherpunk acknowledge could be broken in the future. 256-bit is overkill for symmetric encryption even if you have perfect quantum computers.

[Vebyast]

Or. You catch a mutation. It doesn't stop you from fucking a whole lot. So it gets passed on.

Once that mutation becomes part of a sufficiently large population, there are enough random trials being done that even minuscule effects on reproductive fitness start mattering. At which point things get sufficiently predictable that we have equations that agree with reality. Here's a recent literature survey.

I challenge anyone to remember a 4096-bit encryption key.

I know who to talk to to learn how. Might take me a while to get the method down, but I know it's possible.

I see now. I'm used to seeing that argument posed somewhat differently. If you ever have this argument again, instead of writing out the logic underlying your particular disagreement with that particular problem using weird computational machines you devised specifically to prove a point, just say "sufficiently large input" with a whole bunch of sarcasm. If you look at the wiki pages for "time complexity" or "asymptotic notation", they have those words or equivalents right in the first paragraph definitions, and basically every proof on the page has a limit at infinity somewhere. Sorry it took me so long to figure that one out. Call it a lesson in the value of jargon and field-specific vocabulary; I think I kept assuming that you were trying to put together some completely new argument or something. [edited to be slightly less hostile]

Anyway, "sufficiently large input". Sure, you can declare that for all reasonable inputs the runtime is dominated by smaller factors. Kind of like how nobody uses Coppersmith-Winograd because it has such huge constants in front that sufficiently large inputs don't even fit on modern computers. Still doesn't matter; as I mentioned earlier, I can do the heavy lifting offline and use the results to make online problem-solving easier, kind of like spending free time to measure a bunch of distances on a map so you have them for reference later. Which means that my ninja terminators will only move as well as real-world ninjas instead of kung-fu movie ninjas. The fact that you've made these solutions available to yourself means you've also made them available to me.

[Dr_Noface]

A wizard did it? (breaking cryptography that is)

[kzt]

Shit, firewalls after 30 years *still* use yes/no logic access control lists. I just interviewed at a company that has like a 10,000 line ACL in their firewalls. And the firewall *still* checks each of those rules, one by one, every time a packet comes in.

You don't know what you are talking about. The ACLs are implemented by ASICs at line rate on any vaguely modern system. Even deep packet inspection system do that for the vast majority of the traffic. Which is why they can do deep packet inspection at multi-gigabit rates and be able to do things like find and selectively throw away just enough of every bittorrent session to slow it to less then a kb/sec (without killing them completely) while still letting the desirable traffic in/out at line rate.

The rules/ACLs are presented in the management interface as though they are implemented one line at a time by a single engine, but that isn't how it really works.

[kzt]

256-bit is overkill for symmetric encryption even if you have perfect quantum computers.

You just hack the box and it hands you the decrypted data. It doesn't matter at all how good the encryption is, the OS is 100% effective in decrypting it. The attack surface of a computer running all sorts of applications is going to be almost infinitely larger then the attack surface of a serial I/O device, so it pays to keep the target computer running.