So in the case of public key encryption, a file or system can't be accessed without the private key, right? Does Exploit software circumnavigate that whole issue or do you still need the private key to even attempt the hack?
Do you just need to buy the Encryption software to encrypt things? How about quantum encryption?
On a similar note, is there a difference between hacking a system and hacking a particular file, especially if it's encrypted?
Thanks for the help.
Welcome! These forums will be deactivated by the end of this year. The conversation continues in a new morph over on Discord! Please join us there for a more active conversation and the occasional opportunity to ask developers questions directly! Go to the PS+ Discord Server.
Encryption and Exploit software
Thu, 2015-09-10 14:16
#1
Leetsepeak
Encryption and Exploit software
Thu, 2015-09-10 14:51
#2
nezumi.hebereke
You cannot directly attack an
You cannot directly attack an encrypted file, unless it was encrypted improperly (using an old or broken algorithm, or an improperly configured tool). However, you can frequently attack the system that supports it. So for example, you might attack the sender to find the unencrypted file or recipient's computer to find the private key.
You only need encryption software to encrypt. You need a quantum computer to use quantum encryption (and so does your recipient).
Not sure what the last question means exactly. Usually you can't access the encrypted file unless you have access to the system it resides on. But if you have access to it already, the process of decrypting it would be very different from getting access to a computer system.
Thu, 2015-09-10 16:28
#3
ORCACommander
you do not hack files, you
you do not hack files, you hack internet networks. once you are broken through the network you have complete access to every device on it, from there you use exploits in their operating systems to seize control and bypass local permissions. if you are after a specific file and its encrypted no amount of hacking will stop it from being encrypted. you will need to pull the file to your system to begin decryption
https://www.khanacademy.org/computing/computer-science/cryptography
Thu, 2015-09-10 16:50
#4
Leetsepeak
So a system itself can't be
So a system itself can't be encrypted such that you can't access it without a private key? Like if I'm on a habitat and I want to access the security VPN, isn't that encrypted? And if it's encrypted, I can't hack it directly, right? I have to hack something on it, THEN hack the network via that connection?
On that same note, when hacking a system such as Security, do you just hack Security itself then gain access to all the subsystems? Or do I have to hack each of them directly? If I don't have to hack each subsystem (i.e. "security drones" versus "security spimes" on the Security VPN) do I make subversion tests to access them?
Thu, 2015-09-10 18:41
#5
ORCACommander
a lot depends on how the
a lot depends on how the organization has organized things. A smart security admin will isolate certain systems so no one could have unilateral control from one compromised node
I do not really understand public and private keys myself so i will let others explain. https://en.wikipedia.org/wiki/Public-key_cryptography
however: Access is different from being able to read the content. you want in to the security vpn you must find a way for it to access it. Brute force, spoofing, exploits ect. the best way is for it to think you are a legitimate user.
once you are on there you can intercept the traffic and then you would need to decrypt it. how you do that... if you can get a hold of the keys involved, great simple easy, if not your may have to brute force through an rng, dictionary attacks... crypto is not my specialty :P
Thu, 2015-09-10 22:13
#6
Maudova
Seed AI, Back Door, or Man-in-the-Middle
To gain access to a VPN before the attempted intrusion is detected via brute force would be practically impossible unless you had enough computational power to decrypt the key as it being transmitted in real time. Which would most likely require something in the realm of a fully realized singularity level intelligence.
It's much easier to break into a system attached to a device that is connected to the VPN, giving yourself admin access, and then creating a backdoor to monitor it from the inside or steal the encryption keys, redirect the VPN traffic to your relay, creating a man-in-the-middle attack where you intercept all the traffic with the key so it's decrypted. Allowing you to not only monitor the traffic but modify it. Of course as long as you are spoofing the source and destination! Isn't the mesh fun?
—
~Alpha Fork Initialized.
P.S. I often post from my phone as I travel extensively for work. Please forgive typos and grammar issues.
Thu, 2015-09-10 22:36
#7
Leetsepeak
That all sounds right, I'm
That all sounds right, I'm just trying to understand it in game mechanics terms and I'm not a particularly gifted guy when it comes to computers.
So to clarify what you're saying: No, you cannot hack a system that's encrypted (such as a VPN) you must hack a device that's on that VPN first, and then you can hack the VPN itself?
Am I misunderstanding that?
As the next part of that question, how can you figure out which devices are on a VPN? Sniffing software?
Thu, 2015-09-10 23:11
#8
Maudova
Not if the rules have anything to say about it...
As per the game rules, Pg 252 Core, it says you can't sniff VPN traffic:
"Note that sniffing does not work on encrypted traffic (including VPNs and anything else using public key cryptography)"
I would say that since the mesh is a broadcasted wireless communication medium that if you already had the encryption key, you were able to intercept the traffic, you were spoofing the hardware and software address of the intended target, and you had your side configured to, you would probably be able to get packets and decrypt them. That is assuming EP is using similar technology we are using now. By the game rule, no you can't.
—
~Alpha Fork Initialized.
P.S. I often post from my phone as I travel extensively for work. Please forgive typos and grammar issues.
Fri, 2015-09-11 09:26
#9
ORCACommander
the vpn is not encrypted. its
the vpn is not encrypted. its content is what is encrypted. and sometimes it won't be encrypted. easy example, Http vs https, anything communicating over http is going to be uncrypted and transmitted in the clear. https interactions are encrypted. however both can be intercepted in route.
as for game mechanics, hacking is best handled as high level abstract rather than the minutia. step 1 gain access, step 2 intercept data or find data, step 3 pull out, step 4 find a why to decrypt the data. If you want to use hardware on a network you have gained access to you just use it provided it recognises you have the proper credentials. if not then you need to find a why to byp[ass or override its security. but once you gain access to the device there is no need for crypto
Mon, 2015-09-21 16:41
#10
Leetsepeak
Another clarifying question
Another clarifying question going back to the question about systems.
![]()
http://i.imgur.com/EKhAe0W.png
Am I hacking Exterior Systems or Airship Mooring Cables and Helipad Mooring Clamps individually?
Tue, 2015-10-20 16:56
#11
nezumi.hebereke
Regarding VPNs and networks..
Regarding VPNs and networks...
Encrypting your entire network is a tough choice to make. It limits performance, it's a pain to maintain and liable to communications failures, it requires key distribution, and a few smart techies to do everything. What's the gain? If you're on a small ship, probably nothing. The wide gap of space counts as an air gap (or I guess, a vacuum gap :P) The difficulty of getting ON the ship is enough of a defense. For a giant habitat, you'll want to encrypt the portions of your network that require it (probably using VPN) but not the other bits.
So the first point is, just because it's secure doesn't mean it's encrypted.
Encryption is fantastic when done properly. Doing properly is difficult. There's a lot of encryption techniques with known vulnerabilities, and tools available to exploit them (reducing the time to decryption to days, hours, or seconds, depending on the encryption method and vulnerability). Is this VPN configured properly?
If the VPN is connected properly, then it's going to be very, very hard to attack it directly. As Leet pointed out, the easiest point of attack is the end device. If it's not a hardened device (or a security conscious person), normal attacks should suffice.
If the VPN is configured properly and the device is configured properly, break one of them. When the tools don't work, there's always an alternate method of giving people access so they can work. The alternate method is frequently (but not always) less secure than the normal method.
All of these are unavailable? Attack the user. Really, the user should be the first place you attack. Most famous hacker in the world, Kevin Mitnick, hacked by calling people on the phone and pretending to be a tech. You can do that too.
This also does assume you want realism. If you or your GM isn't up to it, there's no shame in just throwing some dice and going with that.
Tue, 2015-10-20 17:37
#12
Trappedinwikipedia
One thing that's worth noting
One thing that's worth noting for breaking into really secure systems is that it's usually easier to forknap an admin and beat their ego with virtual hoses until they give you access than to break encryption with a brute force technique. One week with a quantum computer, vs 60x simulspace torture, the breakeven point happens if the target can withstand more than a subjective year of psychotorture. Of course, anyone who sysadmins something important will know that, so forknapping them might be hard. It's also morally pretty black, but between 9Lives and "greater good" arguments it can't be that rare.