Rubber-hose Cryptanalysis

In cryptography, rubber-hose cryptanalysis is the extraction of cryptographic secrets from a person by torture, in contrast to a mathematical or technical cryptanalytic attack. The term refers to beatings with a rubber hose, a form of torture. It originated in the sci.crypt newsgroup in a message posted 16 October 1990 by Marcus J. Ranum, alluding to bastinado:
...the rubber-hose technique of cryptanalysis. (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive) http://groups.google.com/groups?selm=slrna4f83p.mim.eric%40ehome.inhouse.
Although the term is flippant, its implications are not. In modern cryptosystems, human beings are often the weakest link. A direct attack on a cipher algorithm, or on the cryptographic protocols used, will likely be much more expensive and difficult than targeting the users of the system. Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum, such as in key generation or key use, so that threats to operators or other personnel will be ineffective in breaking the system. The expectation is that rational adversaries will realize this and forgo threatened or actual torture.

In some jurisdictions, statutes assume the opposite: that human operators know or have access to such things as session keys, an assumption which parallels that made by rubber-hose practitioners. An example is the UK RIP Act, which has made it a crime not to surrender keys on proper demand from a government official as authorized in the statute. Users (even owners) of some cryptosystems may be unable to do so, having been made somewhat immune to rubber-hose attacks as noted above, which causes difficulty with the underlying presumptions of such enactments. One possible interpretation is that legislation such as RIP is intended to exert a chilling effect on the use of cryptography.
