312-50V11 · Question #884
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?
The correct answer is B. Extraction of cryptographic secrets through coercion or torture.. A rubber-hose attack bypasses mathematical cryptanalysis entirely by using physical coercion or threats to force a person to reveal cryptographic keys or plaintext.
Question
In the field of cryptanalysis, what is meant by a "rubber-hose" attack?
Options
- AAttempting to decrypt cipher text by making logical assumptions about the contents of the original
- BExtraction of cryptographic secrets through coercion or torture.
- CForcing the targeted key stream through a hardware-accelerated device such as an ASIC.
- DA backdoor placed into a cryptographic algorithm by its creator.
How the community answered
(49 responses)- A4% (2)
- B92% (45)
- C2% (1)
- D2% (1)
Why each option
A rubber-hose attack bypasses mathematical cryptanalysis entirely by using physical coercion or threats to force a person to reveal cryptographic keys or plaintext.
Making logical assumptions about plaintext from ciphertext describes a ciphertext-only or known-plaintext cryptanalytic attack, which is a mathematical technique, not coercion.
The rubber-hose attack is named as dark humor for physically coercing - such as beating someone with a rubber hose - an individual into disclosing their password, passphrase, or encryption key. Unlike computational attacks, it targets the human holding the secret rather than the algorithm itself. This highlights that the human element is often the weakest link in any cryptographic system, regardless of how mathematically strong the algorithm is.
Forcing a key stream through hardware acceleration such as an ASIC describes a brute-force or hardware-accelerated cryptanalysis attack, which targets the algorithm computationally.
A backdoor placed into an algorithm by its creator describes a kleptographic or trapdoor attack, which is a design-level compromise, not coercion of a person.
Concept tested: Rubber-hose cryptanalysis - coercion-based key extraction
Source: https://csrc.nist.gov/glossary/term/side_channel_attack
Topics
Community Discussion
No community discussion yet for this question.