
Rubber-hose cryptanalysis

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets from a person by torture, in contrast to a mathematical or technical cryptanalytic attack. The term refers to beatings with a rubber hose, a form of torture.

The term originated in the sci.crypt newsgroup in a message posted 16 October 1990 by Marcus J. Ranum, alluding to bastinado: "...the rubber-hose technique of cryptanalysis. (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive)" [1].

Although the term is flippant, its implications are not. In modern cryptosystems, human beings are often the weakest link. A direct attack on a cipher algorithm, or on the cryptographic protocols used, will likely be much more expensive and difficult than targeting the users of the system. Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum, such as in key generation or key use, so that threats to operators or other personnel will be ineffective in breaking the system. The expectation is that rational adversaries will realize this and forgo threats or actual torture.

In some jurisdictions, statutes assume the opposite — that human operators know or have access to such things as session keys, an assumption which parallels that made by rubber-hose practitioners. An example is the UK RIP Act, which has made it a crime to not surrender keys on proper demand from a government official as authorized in the statute. That users (even owners) of some cryptosystems may not be able to do so (having been made somewhat immune to rubber-hose attacks as noted above) causes difficulty with the underlying presumptions of such enactments. One possible interpretation of this is that legislation such as RIP is intended to exert a chilling effect on the use of cryptography.

See also

* Deniable encryption
* Social engineering (computer security)



This is the "GNU Free Documentation License" reference article from the English Wikipedia. All text is available under the terms of the GNU Free Documentation License. See also our Disclaimer.