Rubber-hose cryptanalysis

From Wikipedia, the free encyclopedia

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets from a person by torture, in contrast to a mathematical or technical cryptanalytic attack. The term refers to beatings with a rubber hose, a form of torture.

The term originated in the sci.crypt newsgroup in a message posted 16 October 1990 by Marcus J. Ranum, alluding to Bastinado:

...the rubber-hose technique of cryptanalysis. (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive).[1]

Although the term is flippant, its implications are not. In modern cryptosystems, human beings are often the weakest link. A direct attack on a cipher algorithm, or the cryptographic protocols used, will likely be much more expensive and difficult than targeting the users of the system. Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum, such as in key generation or key use, so that threats to operators or other personnel will be ineffective in breaking the system. The expectation is that rational adversaries will realize this, and forgo threats or actual torture.

In some jurisdictions, statutes assume the opposite — that human operators know or have access to such things as session keys, an assumption which parallels that made by rubber-hose practitioners. An example is the UK RIP Act, which has made it a crime to not surrender keys on proper demand from a government official as authorized in the statute. That users (even owners) of some cryptosystems may not be able to do so (having been made somewhat immune to rubber-hose attacks as noted above) causes difficulty with the underlying presumptions of such enactments. One possible interpretation of this is that legislation such as RIP is intended to exert a chilling effect on the use of cryptography.

  1. ^ http://groups.google.com/groups?selm=slrna4f83p.mim.eric%40ehome.inhouse