Rubber-hose cryptanalysis

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture—such as beating that person with a rubber hose, hence the name—in contrast to a mathematical or technical cryptanalytic attack. According to Amnesty International and the UN, many countries in the world routinely torture people. It is therefore logical to assume that at least some of those countries use (or would be willing to use) some form of rubber-hose cryptanalysis. In practice, psychological coercion can prove as effective as physical torture. Not physically violent but highly intimidating methods include such tactics as the threat of harsh legal penalties. The incentive to cooperate may be some form of plea bargain, such as an offer to drop or reduce criminal charges against a suspect in return for full co-operation with investigators. Alternatively, in some countries threats may be made to prosecute as co-conspirators (or inflict violence upon) close relatives (e.g. spouse, children, or parents) of the person being questioned unless they co-operate. In some contexts, rubber-hose cryptanalysis may not be a viable attack because of a need to decrypt data covertly; information such as a password may lose its value if it is known to have been compromised. It has been argued that one of the purposes of strong cryptography is to force adversaries to resort to less covert attacks. The earliest known use of the term was on the sci.crypt newsgroup, in a message posted 16 October 1990 by Marcus J. Ranum, alluding to corporal punishment: the rubber-hose technique of cryptanalysis. (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive). Although the term is used tongue-in-cheek, its implications are serious: in modern cryptosystems, the weakest link is often the human user.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related concepts (2)

Related courses (1)

Related lectures (11)

COM-501: Advanced cryptography

This course reviews some failure cases in public-key cryptography. It introduces some cryptanalysis techniques. It also presents fundamentals in cryptography such as interactive proofs. Finally, it pr

Cryptography

Cryptography, or cryptology (from κρυπτός "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study", respectively), is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others.

Brute-force attack

In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.

Cryptanalysis: Public-Key COM-501: Advanced cryptography

Explores cryptanalysis in public-key cryptography, covering attacks, algorithms, and security models.

Cryptanalysis: Decorrelation & Proving Security COM-501: Advanced cryptography

Explores cryptanalysis through decorrelation techniques and proving security in conventional cryptography, covering topics like distinguishing functions, matrices, and the random oracle model.

Cryptanalysis: Public-Key & The Power of Interaction COM-501: Advanced cryptography

Explores cryptanalysis in public-key systems and the power of interaction in interactive proofs, covering CO-NP, NP classes, P vs. NP, and more.