No, you didn't make up the known plaintext attack:
Passing Notes: Encryption, Reception, and Retransmission wrote:In Shadowrun, an encryption scheme can be undone if one has both the encrypted and the unencrypted version of the message. This means that if one compromises the computer on either terminal end of a message relay, that the code itself is compromised. However, merely listening to the encrypted transmission is essentially worthless. Indeed, any number of devices can be along the chain and be compromised without endangering the code in any way. Each computer can take the encrypted information and pass it on, still encrypted, without understanding or changing the data in any way. It is only when one gets to a computer that actually composes the encrypted data or is intended to put the data into brain text or other usable format that a hardware compromise gives away the show.
The problem is that a one-time pad is used, well,
once. If you have the plaintext and ciphertext encrypted with a OTP, you can indeed retrieve the key used--that's true even in 2008. But the part of the key you recover was only used to encrypt the particular message you already know; if the OTP is implemented correctly, that part of the key was thrown away after that message was sent and will never be used ever again, so knowing it dosn't help you.
Additionally, the encryption scheme and the key are perfectly decomposable, so if you have the plaintext for
half of a message, that will get you
half of the key--but that half of the key wasn't used in any way in encrypting the
other half of the message. Every single bit of information is combined with a different bit of the key. You might be able to guess what the second half is likely to say based on what the first half said, but having the encrypted version of the second half doesn't help you in any way except to determine how long the message is. No matter how much of the message you know, you can't decrypt any other part of it, because you could decrypt the remaining message to
anything at all (of the same length) if you chose the right bits for the remaining key.
It's entirely true that this is a game and ciphers don't have to follow the real-world rules, but there's no point in calling something a OTP if it actually has the security characteristics of EUE instead. And there's a big blurb in the rules about one-time pads and how they're totally unbreakable.
Additionally, I don't see anything putting a length limit on the text you can transmit under EUE. Most (real-world) ciphers allow you to encrypt arbitrary-length messages safely, and EUE is supposed to be used for high-density signals, so I imagine the cut-off can't be very low without seriously impacting its usefulness. So if the transceiver is actually using EUE, and not a OTP, I don't see why there should be any practical limit to the amount of data you can send through (though someone who overhears some of the data will be able to recover the key and decrypt all of it, as per the rules quoted above).
Though, in order to apply that rule
rigorously, you do need some sort of cut-off for the amount of plaintext you need and how long it takes to retrieve the key (and maybe an inverse relationship between the two). But those parameters can be almost anything you want, as long as the players know what they are.