Back to the main page

Mailing List Logs for ShadowRN

Message no. 1
From: The Reverend <mdb0213@******.TAMU.EDU>
Subject: Sneakernet and Non-secure cryptography.
Date: Fri, 3 Dec 1993 10:05:36 -0600
A friend of mine had an interesting though, with interesting applications.
I don't know whether or not this is likely to happen, though I doubt that it
would in the way that she thought.

Proposition: the "box" from Sneakers exists. This is unlikely, although now
there are machines that can break DES in a matter of hours. (If the machines
don't exist, then I know that someone just recently published a paper on how
to do it, with an inverse correlation between time to crack and millions spent)

Consequences:
Computer security would take a nosedive. If you have a box that can
decrypt anything, extremely sensitive information is going to be either

(a) moved off of the matrix. More of those "independent" systems that you
see occasionally in modules. Computers that have a lot more physical
security on them than cryptographic.

(b) moved off of computers. Paper comes back as the premier carrier of
confidential information. Sneakernet comes back with a VENGENANCE,
couriers become fairly important, seeing as they would be one of the
few ways of moving confidential infomation from one place to the other.
It would be more important for people to be able to verify that the
info received is the correct stuff. More in-person meetings, perhaps?



Any comments, ideas, mints?
Rev
---
The Reverend "They called me the Reverend when I entered the church unstained"
Fear the Information Revolution...for it has reached the hands of the strange.
PGP 2.2 Public Key Block available upon request
Message no. 2
From: Richard Pieri <ratinox@***.NEU.EDU>
Subject: Re: Sneakernet and Non-secure cryptography.
Date: Fri, 3 Dec 1993 11:43:15 EST
>>>>> On Fri, 3 Dec 1993 10:05:36 -0600 (CST), The Reverend
>>>>> <mdb0213@******.tamu.edu> said:

mdb0213> Proposition: the "box" from Sneakers exists. This is unlikely,
mdb0213> although now there are machines that can break DES in a matter of
mdb0213> hours. (If the machines don't exist, then I know that someone
mdb0213> just recently published a paper on how to do it, with an inverse
mdb0213> correlation between time to crack and millions spent)

Actually, what they have is /plans/ for an MPP chip that could break
DES-encrypted files, given lots of money to produce. They are not in
production at this time, and probably never will be. And they won't break
other cyphers such as IDEA.

mdb0213> Consequences:
mdb0213> Computer security would take a nosedive. If you have a box that
mdb0213> can decrypt anything, extremely sensitive information is going
mdb0213> to be either

Neither: new cyphers will be developed.

mdb0213> (a) moved off of the matrix. More of those "independent"
mdb0213> systems that you see occasionally in modules. Computers that
mdb0213> have a lot more physical security on them than cryptographic.

Extremely sensitive data will never be on the net in the first place. This
is the biggest flaw in any netrunning you'll see.

mdb0213> (b) moved off of computers.

Doubt it. Too much information to deal with harcopy.

mdb0213> Paper comes back as the premier carrier of confidential
mdb0213> information. Sneakernet comes back with a VENGENANCE, couriers
mdb0213> become fairly important, seeing as they would be one of the few
mdb0213> ways of moving confidential infomation from one place to the
mdb0213> other. It would be more important for people to be able to
mdb0213> verify that the info received is the correct stuff. More
mdb0213> in-person meetings, perhaps?

SneakerNet and digital media are not mutually exclusive.

--
Rat <ratinox@***.neu.edu> Northeastern's Stainless Steel Rat
PGP 2.x Public Key Block available upon request
GAT d@ -p+ c++ !l u+ e+(*) m-(+) s n---(+) h-- f !g(+) w+ t- r+ y+
||| | | | | | | | | | | | | | | | | | | | | | | |||
There are no problems. If there were problems, they would be your fault. If
there was, hypothetically, a problem, and it was not your fault, it would
be impossible for us to fix. That's not a supported configuration.
--Andrew Molitor (in a post on alt.fan.pern)
Message no. 3
From: "Robert A. Hayden" <hayden@*******.MANKATO.MSUS.EDU>
Subject: Re: Sneakernet and Non-secure cryptography.
Date: Fri, 3 Dec 1993 10:50:51 -0600
C) LOS transmisssions with tight-beam uni-directional antennas

D) Ungodly encryption keys. DES is pissy in terms of its crackability
(it takes about 18 hours or so for crack to do /etc/passwd on our system,
and that's 400+ names) . Imagine a PGP-like key, but that was something
like, oh, 32k for EACH key. Coupled with one-time keys that will never
be reused.

____ Robert A. Hayden <=> hayden@*******.mankato.msus.edu
\ /__ -=-=-=-=- <=> -=-=-=-=-
\/ / Finger for Geek Code Info <=> Veteran of the Bermuda Triangle
\/ Finger for PGP 2.3a Public Key <=> Expeditionary Force -- 1993-1951
-=-=-=-=-=-=-=-
(GEEK CODE 1.0.1) GAT d- -p+(---) c++(++++) l++ u++ e+/* m++(*)@ s-/++
n-(---) h+(*) f+ g+ w++ t++ r++ y+(*)
Message no. 4
From: The Reverend <mdb0213@******.TAMU.EDU>
Subject: Re: Sneakernet and Non-secure cryptography.
Date: Fri, 3 Dec 1993 12:56:45 -0600
]Actually, what they have is /plans/ for an MPP chip that could break
]DES-encrypted files, given lots of money to produce. They are not in
]production at this time, and probably never will be. And they won't break
]other cyphers such as IDEA.
Okay... I wasn't sure about this. Someone on one of the newsgroups I read
mentioned that they WERE in production, but I wasn't sure.

However, the idea that I _meant_ to ask was "what if?" I know it's unfeasable,
but it's an interesting proposition. Im curious as to what everyone
(especially you, Carter, Hayden, Robeson and a couple others) think the SR
world would be like if NO code was truly secure.

]mdb0213> (a) moved off of the matrix. More of those "independent"
]mdb0213> systems that you see occasionally in modules. Computers that
]mdb0213> have a lot more physical security on them than cryptographic.
]
]Extremely sensitive data will never be on the net in the first place. This
]is the biggest flaw in any netrunning you'll see.
I'll agree with this one. It seems odd that FASA is of the opinion that
EVERYTHING is on the Matrix. It's not know, and won't be in the future.


]mdb0213> (b) moved off of computers.
]
]Doubt it. Too much information to deal with harcopy.
I agree, but I could see the REALLY important stuff being put on microfiche,
or CDs. I believe shadowplay covers a device that can read from fiber-optics
at range (something which, if I've read my Popular Science's right, is about as
feasible as the Sneakers Box).

Rev
---
The Reverend "They called me the Reverend when I entered the church unstained"
Fear the Information Revolution...for it has reached the hands of the strange.
PGP 2.2 Public Key Block available upon request
Message no. 5
From: mike klein <klein@******.OSWEGO.EDU>
Subject: Re: Sneakernet and Non-secure cryptography.
Date: Fri, 3 Dec 1993 15:10:35 -0500
After seeing the movie, i would think that applying the box to shadowrn
would turn "too many secrets" to " not enough secrets"
A deckers worst nightmare. The fact being precious information that the
corporations pay for, that pay off the bills would be free for everyone.

Well i never did like the matrix anyways

mk
Message no. 6
From: Seth Buntain <enthar@*******.EECS.NWU.EDU>
Subject: Re: Sneakernet and Non-secure cryptography.
Date: Fri, 3 Dec 1993 14:30:54 -0600
On this topic...

Has anyone read David Brins book _Earth_? A extremely well done vision of the
future IMHO. In it he describes a version of the net that has almost NO
security at all (has to do with people being paranoid about secrets, and a big
war against the 'gnomes' of zurich, an Illuminati like group. Read the book :)
The basic way that people kept things secret was that there was way too much
info to sort and review. Course, that only applies to the common citizen, (see
the National Security Agency here in the US, and various comprable agencies
elsewhere.) Course, Cyberpunk is based on the idea of secrets, but it would
be interesting to run a campaign in a world like that...

(ramble ramble ramble. Its what happens after sitting down and actually
READING 140 messeges all in a row. Especially when some of them are like 200
lines long or somethig. gah. :)

--
Seth Buntain | (Space available for nifty quote)
Enthar the Eternal, Andrew the Awesome |
(V 1.01) GE d -p+ c++ l u e+(*) m(++) s/- !n h- f+ g- w+ t+(++) r+(++) !y
"It's a damn poor man who can't spell a wyrd in more than one way!"
-Thomas Jefferson
My opinions, comments and even facts are all mine.
Message no. 7
From: The Reverend <mdb0213@******.TAMU.EDU>
Subject: Re: Sneakernet and Non-secure cryptography.
Date: Fri, 3 Dec 1993 14:46:13 -0600
]A deckers worst nightmare. The fact being precious information that the
]corporations pay for, that pay off the bills would be free for everyone.

Actually, they'd wind up changing types of occupations. Instead of trying
to steal the info, they might wind up getting paid to FIND the info!
Currently, I'm my group's "fixer", in certain respects. I try to find info
that they want/like/need, as well as things (like the Witches of Eastwick
soundtrack... anyone got a copy they could copy for me?). The internet, as it
stands, is a huge, unsorted library. The decker's could make their money by
FINDING the info.

Rev
---
The Reverend "They called me the Reverend when I entered the church unstained"
Fear the Information Revolution...for it has reached the hands of the strange.
PGP 2.2 Public Key Block available upon request
Message no. 8
From: Robert Watkins <bob@**.NTU.EDU.AU>
Subject: Re: Sneakernet and Non-secure cryptography.
Date: Sat, 4 Dec 1993 22:47:57 +0930
>
>A friend of mine had an interesting though, with interesting applications.
>I don't know whether or not this is likely to happen, though I doubt that it
>would in the way that she thought.
>
>Proposition: the "box" from Sneakers exists. This is unlikely, although now
>there are machines that can break DES in a matter of hours. (If the machines
>don't exist, then I know that someone just recently published a paper on how
>to do it, with an inverse correlation between time to crack and millions spent)
>
Well, before I go to my response, some things:
1) There is more than one paradigm for encryption. The Soviets, for example,
really do use different ways to encrypt data than the rest of the world. And
the Sneakerbox wouldn't crack Soviet code, just Western.
2) It's known now how to decrypt code used by Western paradigms. You just have
to guess the prime numbers used and you're laughing. Or guess the means they
use to ensure randomness, and reverse-engineer it. (I think that's what the
Sneakers box used).

So all you really need to do is switch to another paradigm, or change the
random method (and there really are some completely random ways of doing
things)

>Consequences:
> Computer security would take a nosedive. If you have a box that can
> decrypt anything, extremely sensitive information is going to be either
>
> (a) moved off of the matrix. More of those "independent" systems that you
> see occasionally in modules. Computers that have a lot more physical
> security on them than cryptographic.
Well, that's the smart thing to do anyway. All encryption can be broken if
you try hard enough.

>
> (b) moved off of computers. Paper comes back as the premier carrier of
> confidential information. Sneakernet comes back with a VENGENANCE,
> couriers become fairly important, seeing as they would be one of the
> few ways of moving confidential infomation from one place to the other.
> It would be more important for people to be able to verify that the
> info received is the correct stuff. More in-person meetings, perhaps?
>
Yeah, and nay. Paper isn't an easy way to carry information.
As an example, I recently had a file about one meg large printed off. It filled
the better part of an arch ring folder. Given all the fancy stuff people want,
paper is VERY inefficent.
Couriers delivering optical chips, I can see.

--
Robert Watkins bob@******.cs.ntu.edu.au
Real Programmers never work 9 to 5. If any real programmers are around at 9 am,
it's because they were up all night.
Message no. 9
From: Richard Pieri <ratinox@***.NEU.EDU>
Subject: Re: Sneakernet and Non-secure cryptography.
Date: Sat, 4 Dec 1993 21:17:36 EST
>>>>> On Sat, 4 Dec 1993 22:47:57 +0930 (CST), Robert Watkins
>>>>> <bob@**.ntu.edu.au> said:

bob> 1) There is more than one paradigm for encryption. The Soviets, for
bob> example, really do use different ways to encrypt data than the rest of
bob> the world. And the Sneakerbox wouldn't crack Soviet code, just
bob> Western.

True. There are /lots/ of cryptosystems in use today, and while they share
many things in common they also have significant differences.

bob> 2) It's known now how to decrypt code used by Western paradigms. You
bob> just have to guess the prime numbers used and you're laughing. Or
bob> guess the means they use to ensure randomness, and reverse-engineer
bob> it. (I think that's what the Sneakers box used).

But actually /doing/ this with an IDEA or tripple-DES cypher will take an
inordanantly long time (of course I firmly believe that the NSA has a back
door into DES, otherwise why won't they allow it to be used for sensitive
information?). /Any/ cypher can be cracked, given enough time and
persistance. The trick is making it take so much time and resources that a
cryptanalytical attack is rendered useless.

bob> So all you really need to do is switch to another paradigm, or change
bob> the random method (and there really are some completely random ways of
bob> doing things)

And computers aren't one of them. Contrary to popular belief, a computer
cannot generate truely random numbers but they can do a reasonable job with
pseudo-random numbers that meet certain randomness tests.

--
Rat <ratinox@***.neu.edu> Northeastern's Stainless Steel Rat
PGP 2.x Public Key Block available upon request
GAT d@ -p+ c++ !l u+ e+(*) m-(+) s n---(+) h-- f !g(+) w+ t- r+ y+
||| | | | | | | | | | | | | | | | | | | | | | | |||
... and I didn't even need pants! --Dilbert [Scott Adams]
Message no. 10
From: "Stephen R. Wilcoxon" <wilcoxon@****.EDU>
Subject: Re: Sneakernet and Non-secure cryptography.
Date: Tue, 21 Dec 1993 02:30:14 -0500
> Proposition: the "box" from Sneakers exists. This is unlikely, although
now
> there are machines that can break DES in a matter of hours. (If the machines
> don't exist, then I know that someone just recently published a paper on how
> to do it, with an inverse correlation between time to crack and millions spen
t)
>
> Consequences:
> Computer security would take a nosedive. If you have a box that can
> decrypt anything, extremely sensitive information is going to be either
>
> (a) moved off of the matrix. More of those "independent" systems that
you
> see occasionally in modules. Computers that have a lot more physical
> security on them than cryptographic.
>
> (b) moved off of computers. Paper comes back as the premier carrier of
> confidential information. Sneakernet comes back with a VENGENANCE,
> couriers become fairly important, seeing as they would be one of the
> few ways of moving confidential infomation from one place to the othe
r.
> It would be more important for people to be able to verify that the
> info received is the correct stuff. More in-person meetings, perhaps

Hmm. I think off-net computers would still be used alot. As to
transfering data, take a look at Cyberspace - there's a piece of headware
that is basically memory that the courier can't access, they would just
encrypt the data and put it in (or they could always install a cortex bomb
and have the trigger be any sort of tampering with the headware (could get
kind of expensive in couriers though))...


Twilight

The Crystal Wind is the Storm, and the Storm is Data, and the Data is Life.
-- The Player's Litany

Further Reading

If you enjoyed reading about Sneakernet and Non-secure cryptography., you may also be interested in:

Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.