Information Warfare Mechanics

General questions, debates, and rants about RPGs

Moderator: Moderators

fectin
Prince
Posts: 3760
Joined: Mon Feb 01, 2010 1:54 am

Post by fectin »

Those things are all also dedicated to fooling lazy or overgeneralized implementations. Not they don't work, but they don't automagically fool everything.
Vebyast wrote:Here's a fun target for Major Creation: hydrazine. One casting every six seconds at CL9 gives you a bit more than 40 liters per second, which is comparable to the flow rates of some small, but serious, rocket engines. Six items running at full blast through a well-engineered engine will put you, and something like 50 tons of cargo, into space. Alternatively, if you thrust sideways, you will briefly be a fireball screaming across the sky at mach 14 before you melt from atmospheric friction.
DSMatticus
King
Posts: 5271
Joined: Thu Apr 14, 2011 5:32 am

Post by DSMatticus »

I would not call implementations which fail to those techniques lazy or overgeneralized. The dance mix, for example, is just a traditional jamming technique. Plucking signals out of a pile of noise is genuinely difficult.
User avatar
GnomeWorks
Master
Posts: 281
Joined: Mon Apr 21, 2014 12:19 am

Post by GnomeWorks »

FrankTrollman wrote:That's why this sort of thing has to be all about the guy doing it. The hacker's range and the hacker's hack strength, with everything in range being subverted if it is below the security threshold of the hack. You can't do an action resolution per device because there are several orders of magnitude too many devices. Subversion has to function like jamming, because there are so many fucking devices in the future that no other system is possible.
I don't see why anyone would argue with this. It might not be entirely "realistic," but I'd almost argue that a hacker who lives in a cyberpunk future specifically has things to hack overwatch equipment (cameras, etc) near them as quickly as possible, possibly even as a persistent background process that can be switched on and off. In the kinds of situations people find themselves in cyberpunk, fucking around with hacking hundreds of cameras each individually seems like a massive waste of time. You'd automate the process, run a script from your phone or whatever, to just do it, and because it's a goddamn computer, it does a thousand devices in the time it'd take a person to do one.

That also means you might miss some devices, like things that run on architectures you're not familiar with (and thus haven't coded for), but if you miss one-tenth of all devices... you've still got enough to get the job done. And that weird architecture thing can be represented in "hack defense," or whatever the hell you'd call a device's resistance to being hacked.

So doing the "one number to hack them all" approach works. It's mechanically elegant, doesn't run into the MC trying to figure out the precise number of devices present, can be quickly resolved, and at least has a mildly plausible realistic explanation.
User avatar
Stahlseele
King
Posts: 5974
Joined: Wed Apr 14, 2010 4:51 pm
Location: Hamburg, Germany

Post by Stahlseele »

It's basically how Watchdogs works if i understood this correctly.
You basically can see all phones and some other things in your close proximity(basically just LOS) and don't need to do anything to go in and do stuff to that. And then it gets complicated by allowing hacked cameras and the such to extend the LOS for this purpose.
Welcome, to IronHell.
Shrapnel wrote:
TFwiki wrote:Soon is the name of the region in the time-domain (familiar to all marketing departments, and to the moderators and staff of Fun Publications) which sees release of all BotCon news, club exclusives, and other fan desirables. Soon is when then will become now.

Peculiar properties of spacetime ensure that the perception of the magnitude of Soon is fluid and dependent, not on an individual's time-reference, but on spatial and cultural location. A marketer generally perceives Soon as a finite, known, yet unspeakable time-interval; to a fan, the interval appears greater, and may in fact approach the infinite, becoming Never. Once the interval has passed, however, a certain time-lensing effect seems to occur, and the time-interval becomes vanishingly small. We therefore see the strange result that the same fragment of spacetime may be observed, in quick succession, as Soon, Never, and All Too Quickly.
TheFlatline
Prince
Posts: 2606
Joined: Fri Apr 30, 2010 11:43 pm

Post by TheFlatline »

GnomeWorks wrote:
FrankTrollman wrote:That's why this sort of thing has to be all about the guy doing it. The hacker's range and the hacker's hack strength, with everything in range being subverted if it is below the security threshold of the hack. You can't do an action resolution per device because there are several orders of magnitude too many devices. Subversion has to function like jamming, because there are so many fucking devices in the future that no other system is possible.
I don't see why anyone would argue with this. It might not be entirely "realistic," but I'd almost argue that a hacker who lives in a cyberpunk future specifically has things to hack overwatch equipment (cameras, etc) near them as quickly as possible, possibly even as a persistent background process that can be switched on and off. In the kinds of situations people find themselves in cyberpunk, fucking around with hacking hundreds of cameras each individually seems like a massive waste of time. You'd automate the process, run a script from your phone or whatever, to just do it, and because it's a goddamn computer, it does a thousand devices in the time it'd take a person to do one.

That also means you might miss some devices, like things that run on architectures you're not familiar with (and thus haven't coded for), but if you miss one-tenth of all devices... you've still got enough to get the job done. And that weird architecture thing can be represented in "hack defense," or whatever the hell you'd call a device's resistance to being hacked.

So doing the "one number to hack them all" approach works. It's mechanically elegant, doesn't run into the MC trying to figure out the precise number of devices present, can be quickly resolved, and at least has a mildly plausible realistic explanation.
The problem is that you get someone who knows, or thinks they know (thanks to hollywood), about IT and hacking and network shit. So they start to try to game the system with shit like "but if I drill through the firewall fast enough that should allow me to make an unopposed roll and just get access to everything."

The MC's brain explodes and then you try to explain to the player that this is part of the abstracted system and then you get into an argument over granularity.

I agree though completely, abstraction is the way to go. I just know from experience that you get assholes who will argue granular benefits in an abstracted system. In my last game of Shadowrun someone actually tried to talk to me about how *his* deck modified the waveform of the wireless signal so he should get a substantial advantage or some other bullshit like that. So it happens.
User avatar
Stahlseele
King
Posts: 5974
Joined: Wed Apr 14, 2010 4:51 pm
Location: Hamburg, Germany

Post by Stahlseele »

@TheFlatline
He's trying to mount the horse from the wrong end.
He's trying to get stuff by describing what he wants.
Instead he gets stuff and can explain why/how.
I hope you told him that?
Welcome, to IronHell.
Shrapnel wrote:
TFwiki wrote:Soon is the name of the region in the time-domain (familiar to all marketing departments, and to the moderators and staff of Fun Publications) which sees release of all BotCon news, club exclusives, and other fan desirables. Soon is when then will become now.

Peculiar properties of spacetime ensure that the perception of the magnitude of Soon is fluid and dependent, not on an individual's time-reference, but on spatial and cultural location. A marketer generally perceives Soon as a finite, known, yet unspeakable time-interval; to a fan, the interval appears greater, and may in fact approach the infinite, becoming Never. Once the interval has passed, however, a certain time-lensing effect seems to occur, and the time-interval becomes vanishingly small. We therefore see the strange result that the same fragment of spacetime may be observed, in quick succession, as Soon, Never, and All Too Quickly.
TheFlatline
Prince
Posts: 2606
Joined: Fri Apr 30, 2010 11:43 pm

Post by TheFlatline »

Stahlseele wrote:@TheFlatline
He's trying to mount the horse from the wrong end.
He's trying to get stuff by describing what he wants.
Instead he gets stuff and can explain why/how.
I hope you told him that?
Yeah that's basically what I ended up boiling down to. "Well you have an uber deck that gives you all these bonuses, so yeah, we can say that part of that bonus comes from there".

It's a munchkin problem. It'll be prevalent in any player looking for an unfair advantage mechanically, but I've found it doesn't seem as big of an issue in a highly granular system because you can usually find something close enough to base your game altering effects on. In an abstract system there's no comparison of power levels (intentionally) to compare.
User avatar
Foxwarrior
Duke
Posts: 1626
Joined: Thu Nov 11, 2010 8:54 am
Location: RPG City, USA

Post by Foxwarrior »

GnomeWorks wrote:
FrankTrollman wrote:That's why this sort of thing has to be all about the guy doing it. The hacker's range and the hacker's hack strength, with everything in range being subverted if it is below the security threshold of the hack. You can't do an action resolution per device because there are several orders of magnitude too many devices. Subversion has to function like jamming, because there are so many fucking devices in the future that no other system is possible.
I don't see why anyone would argue with this.
Well, there are multiple statements in there, and I wouldn't argue with all of them.

Like, "You can't do an action resolution per device because there are several orders of magnitude too many devices" is not a thing I would argue with, unless we were talking about a computer game. When I said five cameras, that's the number I meant (because I was thinking about spying, not erasing data), and that's not several orders of magnitude in any integer base.

I'm tempted to argue with "in range" and "Subversion has to function" because they feel like major setting design decisions with useful consequences on both sides. Like, "in range" is hard to work with unless you use butterfly programming technology (which is really weird with AoEs, isn't it?) and "Subversion has to function" significantly detracts from the constant surveillance themes.
Omegonthesane
Prince
Posts: 3680
Joined: Sat Sep 26, 2009 3:55 pm

Post by Omegonthesane »

Foxwarrior wrote:
GnomeWorks wrote:
FrankTrollman wrote:That's why this sort of thing has to be all about the guy doing it. The hacker's range and the hacker's hack strength, with everything in range being subverted if it is below the security threshold of the hack. You can't do an action resolution per device because there are several orders of magnitude too many devices. Subversion has to function like jamming, because there are so many fucking devices in the future that no other system is possible.
I don't see why anyone would argue with this.
Well, there are multiple statements in there, and I wouldn't argue with all of them.

Like, "You can't do an action resolution per device because there are several orders of magnitude too many devices" is not a thing I would argue with, unless we were talking about a computer game. When I said five cameras, that's the number I meant (because I was thinking about spying, not erasing data), and that's not several orders of magnitude in any integer base.
I'll have you know 5 is 11111 in Base 1.
Kaelik wrote:Because powerful men get away with terrible shit, and even the public domain ones get ignored, and then, when the floodgates open, it turns out there was a goddam flood behind it.

Zak S, Zak Smith, Dndwithpornstars, Zak Sabbath, Justin Bieber, shitmuffin
User avatar
Foxwarrior
Duke
Posts: 1626
Joined: Thu Nov 11, 2010 8:54 am
Location: RPG City, USA

Post by Foxwarrior »

Aww, dangit. I'd somehow totally forgotten that base 1 was a thing that makes sense.
Blade
Knight-Baron
Posts: 663
Joined: Wed Sep 14, 2011 2:42 pm
Location: France

Post by Blade »

TheFlatline wrote: I agree though completely, abstraction is the way to go. I just know from experience that you get assholes who will argue granular benefits in an abstracted system. In my last game of Shadowrun someone actually tried to talk to me about how *his* deck modified the waveform of the wireless signal so he should get a substantial advantage or some other bullshit like that. So it happens.
I see what you mean.
It's also very common with encryption. You've got players explaining how they've designed a very clever encryption scheme (most of the time it's something far less secure than regular DES or just a variation of OTP) and how nobody can eavesdrop on their conversation thanks to this.

It will be the same if you consider that a hacker can see everything in an area thanks to the cameras. There will always be players to tell you that they make sure that this part is not visible to any camera.

For encryption, it's easy to tell a player "that's covered by the rule: your clever algorithm is a high rating encrypt program. Believe me: there are still ways to crack it, otherwise everybody would be using it".

For the cameras, it's a bit more difficult. Your system should allow for some modifiers to handle that kind of behavior ("target is actively trying to hide something: -4", preferably with "actively trying to hide something" an action that gives negative modifiers to other actions so that PC can't do it constantly without any drawback.).
Username17
Serious Badass
Posts: 29894
Joined: Fri Mar 07, 2008 7:54 pm

Post by Username17 »

I think there is real value in having tiers of encryption. Especially in having it extend to one time pads. OTP is real, and it's really unbreakable. Not 'unbreakable' with little finger quotes, but actually unbreakable. It has numerous disadvantages that make it impractical for regular use and not always desirable even for short ninja missions. It's important enough that it should just be an option in the rules - it's not the kind of thing you want MCs to have to make up rules for on the spot the first time a player reads a book about cryptography.

-Username17
User avatar
Dean
Duke
Posts: 2059
Joined: Mon May 12, 2008 3:14 am

Post by Dean »

I think OTP's would only ever be used as DM penises and would probably be bad for the game. On the player side they are useless because they are tautologies. If you could get a secret message to someone THEN you can get a secret message to someone. I think using abstract game mechanics OTP's wouldn't need to have any special property at all over a cipher that was just very hard to intercept or decode. The investigation of the OTP message would just be concerned with discovering or locating the original code rather than trying to break the security programs on the code you have.
DSMatticus wrote:Fuck you, fuck you, fuck you, fuck you. I am filled with an unfathomable hatred.
Username17
Serious Badass
Posts: 29894
Joined: Fri Mar 07, 2008 7:54 pm

Post by Username17 »

Dean wrote:I think OTP's would only ever be used as DM penises and would probably be bad for the game. On the player side they are useless because they are tautologies. If you could get a secret message to someone THEN you can get a secret message to someone. I think using abstract game mechanics OTP's wouldn't need to have any special property at all over a cipher that was just very hard to intercept or decode. The investigation of the OTP message would just be concerned with discovering or locating the original code rather than trying to break the security programs on the code you have.
You are totally completely fucking wrong in every way it is possible to be wrong. A OTP allows you to port the secrecy of your transmission into the future. So, to pick a potentially relevant example out of my ass: you could securely transmit the pad to your spy drone while you were safely in your home base and none of the corps knew you from Adam, and then activate the pad to get literally unbreakable encryption on the transmissions between you and the spy drone for a few hours. During a mission, perhaps.

OTPs are useful to raiders - people whose communications are only going to be interesting to hostiles at a specific and predictable time. You know, the player fucking characters.

That's why it's so important for the game to be up front with what the limitations are in the game. Because players are obviously extremely interested and they will want to use them. If you don't have rules for it, you're just forcing the MC to make some untested ones up on the fly. And since we're talking about a code that is literally unbreakable, random asspulled rules are pretty likely to break the game.

-Username17
User avatar
Lokathor
Duke
Posts: 2185
Joined: Sun Nov 01, 2009 2:10 am
Location: ID
Contact:

Post by Lokathor »

OTPs have also been used in sci fi books that aren't about hacking, crypto, running, or anything else like that. Not heavily, but the author mentions them and such, you know. They're not entirely obscure, so a game that's putting in a minigame about crypto should include them even just for that reason.
[*]The Ends Of The Matrix: Github and Rendered
[*]After Sundown: Github and Rendered
User avatar
GnomeWorks
Master
Posts: 281
Joined: Mon Apr 21, 2014 12:19 am

Post by GnomeWorks »

FrankTrollman wrote:That's why it's so important for the game to be up front with what the limitations are in the game. Because players are obviously extremely interested and they will want to use them. If you don't have rules for it, you're just forcing the MC to make some untested ones up on the fly. And since we're talking about a code that is literally unbreakable, random asspulled rules are pretty likely to break the game.
I think the issue is that a lot of people would have problems with players (or the MC) breaking out an "I win" button like OTP. Because it really is; even if you had the computing power to "break" the cipher in a reasonable amount of time such that it would still be useful, you'd wind up with a number of variations on the message as a function of the character length.

I mean you might be able to throw some natural language processing and Bayesian calculations into it, to try to toss out messages that don't make sense in context, but even so, you're probably looking at - at best - a 50% success rate in figuring out the actual message. And significantly worse, if the people using the OTP are super-paranoid and use words with lengths such that their antonyms are the same length, or randomly insert some portmanteaus, which... yeah, even if you can break the cipher, you're not going to find the actual message: it's a needle in a haystack in a field of haystacks.

Anyway, in the scenario of sending the OTP to a drone prior to doing a run or whatever, the correct answer on the part of your opposition is to get physical access to the drone itself without you knowing (so you can't tell it to drop the pad, or self-destruct, or whatever). But I think if a player ran into an MC using OTP, there's a good chance for a shit-load of whining about "but my hacking skills are awesome, I should be able to crack it." On the converse, an MC running into a player using OTP is going to be constantly frustrated by it unless they understand that it's a brick wall that has to be worked around, so without clear rules as to how they work, the MC is likely to make a stupid ruling that doesn't actually make any goddamn sense.
Username17
Serious Badass
Posts: 29894
Joined: Fri Mar 07, 2008 7:54 pm

Post by Username17 »

You seem to be a bit unclear on how good OTPs are. You don't get to know how long the words are. You only get to know how long the message is, and you don't get to know if they padded their message with a bunch of gibberish or even just a line of qs. Every bit of the entire message is randomly but specifically either flipped or not. Without the key, there is no possible way to get any information from the message save for meta-information like the time and location the message was sent from.

However, while it is the ultimate 'I win' button in cryptography, its use is very limited. In order to use it, you have to first securely transmit it unencrypted to the eventual target. And you have to keep both ends from being compromised before, during, and after the transfer. And it isn't reusable. So it's really ideal for a 'teleport ambush' scenario - for a limited time, your transmissions cannot be intercepted. But it's kind of crap in almost all other situations.

-Username17
User avatar
GnomeWorks
Master
Posts: 281
Joined: Mon Apr 21, 2014 12:19 am

Post by GnomeWorks »

FrankTrollman wrote:You seem to be a bit unclear on how good OTPs are.
What part of my analogy of the actual message being a needle in a haystack in a field of haystacks indicates that I do not understand how good they are?

There is, beneath the encryption, an actual message. I understand that - at the moment, with our level of tech - breaking an OTP is effectively impossible. But with sufficient computing power and sufficiently "intelligent" code-breaking algorithms, as well as taking context into account, you could probably arrive at some possibly-reasonable fraction of the total length of the string in number of possible decryptions of the string. Narrowing it down much further than that might approach impossible, but having a set of possibilities is a whole different beast from having no clue whatsoever.

Padding the message is possible, I suppose, which is something I hadn't considered, but essentially works along the same vein as using portmanteaus or words whose antonyms are the same length. The same thing could be accomplished by going all Navajo on it as well, or even just playing clever grammatical games with your messages. Basically if you employ OTP and some other encryption method encapsulated in it, then I think it approaches actually impossible (as in, no decryption results in a message that could even be close to the original message) instead of just currently impossible (in that it might eventually be possible to break it and arrive at a number of possible choices, given a level of tech we currently don't have but is certainly within the realm of future possibility).
John Magnum
Knight-Baron
Posts: 826
Joined: Tue Feb 14, 2012 12:49 am

Post by John Magnum »

GnomeWorks, please, you really don't know what one-time pads are. Read about them or stop posting about them or both.
-JM
User avatar
RadiantPhoenix
Prince
Posts: 2668
Joined: Sun Apr 11, 2010 10:33 pm
Location: Trudging up the Hill

Post by RadiantPhoenix »

@GnomeWorks: Let me explain why One Time Pads are fucking magic:

Here's how a One Time Pad works:
  1. Send your message securely
  2. Decide what your message was
  3. Send the decryption key
How, exactly, do you plan to determine the message from the decryption key? (Which, by the way, is random noise.)

Ouija?
Last edited by RadiantPhoenix on Sun Sep 21, 2014 3:18 am, edited 1 time in total.
User avatar
GnomeWorks
Master
Posts: 281
Joined: Mon Apr 21, 2014 12:19 am

Post by GnomeWorks »

John Magnum wrote:GnomeWorks, please, you really don't know what one-time pads are. Read about them or stop posting about them or both.
Everything I'm saying is apparently sailing right over your head.
User avatar
momothefiddler
Knight-Baron
Posts: 883
Joined: Sat Feb 22, 2014 10:55 am
Location: United States

Post by momothefiddler »

GnomeWorks, as I understand it, you're arguing that the transmission can be decoded into the set of possible plaintext messages, and then other heuristics (grammar, language, context, etc.) can be used to narrow down those messages, and sufficiently advanced technology could narrow them down to a workable number and gain information.

And that's true.

Except that you're still only working with metadata. The thing is, "the set of possible plaintext messages" from QNFURLLEMSITPANZUTKWODNYSLEYAJ, is exactly "the set of possible plaintext messages" that are 30 characters long. That's all you get. The decoding you do with potential pads is literally replacing each character with every possible character in your message. And while sufficiently advanced technology probably could deduce valuable information from "there was a transmission 30 bytes long from zone D-14 at 13:56:02", that's still all you have to go on.
name_here
Prince
Posts: 3346
Joined: Fri Mar 07, 2008 7:55 pm

Post by name_here »

One-Time Pads are actually unbreakable, and no amount of processing power can ever change that. Every single character of the message is shifted (unless the shift for a character happens to be zero, but you don't know that) and there is no pattern to the shifts. You don't know how long words within the message are because the spaces have also been shifted by a random amount. The message could correspond to any cleartext of equal length.
DSMatticus wrote:It's not just that everything you say is stupid, but that they are Gordian knots of stupid that leave me completely bewildered as to where to even begin. After hearing you speak Alexander the Great would stab you and triumphantly declare the puzzle solved.
User avatar
GnomeWorks
Master
Posts: 281
Joined: Mon Apr 21, 2014 12:19 am

Post by GnomeWorks »

momothefiddler wrote:bunch of words
Yes. Exactly.

I'm aware that the fact that you have an n-byte long message is all you have to go on. However, for the specific instances in which OTPs are useful - as outlined by Frank, above - there would also possibly be contextual information that could be combined with the information that there was a transmission of n-length at x time to assist in decrypting it to, again, a reasonable number of possible decryptions.

I'm not arguing that it would ever be possible to go from an OTP-encrypted message directly to the actual message at its core. I don't think that's possible. But it should be possible, with sufficiently advanced technology, to go from an OTP-encrypted message to some reasonable (probably computer-reasonable, not people-reasonable) number of different decrypted messages.

Which is why I mentioned the encapsulation of additional encryption within the OTP, because that would probably put it firmly back within the realm of impossible; whether that is just padding words and such or going all Navajo on it, any additional encryption on top of OTP makes it impossible in the context of a world with sufficiently advanced tech to make it possible to potentially get the correct message (albeit jumbled in with a bunch of incorrect decryptions).
User avatar
momothefiddler
Knight-Baron
Posts: 883
Joined: Sat Feb 22, 2014 10:55 am
Location: United States

Post by momothefiddler »

I dunno. As messages get longer (or you include the fact that you could easily have pre-prepared shorthand in addition to the OTP, which I guess would fall under your classification of other encryption), the amount of info you can get from the length of the message is vanishingly small compared to the info from the time of the message, the strength at which it was sent, the direction (if a directional transmission) of the beam, and (extremely importantly) the origin point of the signal - and of any response.
I mean, once you have the contextual heuristics, the difference between "a 50-character english message" and "a 50-or-fewer-character english or russian message" is minimal. And if you're up into the hundreds or thousands of characters, the length really doesn't provide any insight into the possible messages beyond very vague things (it's probably not a schematic for the prototype engine they're trying to steal).
Post Reply