Black-bag cryptanalysis

In cryptography, black-bag cryptanalysis is a euphemism for the acquisition of cryptographic secrets via burglary, or other covert means – rather than mathematical or technical cryptanalytic attack. The term refers to the black bag of equipment that a burglar would carry or a black bag operation.

As with rubber-hose cryptanalysis, this is technically not a form of cryptanalysis; the term is used sardonically. However, given the free availability of very high strength cryptographic systems, this type of attack is a much more serious threat to most users than mathematical attacks because it is often much easier to attempt to circumvent cryptographic systems (e.g. steal the password) than to attack them directly.

Regardless of the technique used, such methods are intended to capture highly sensitive information e.g. cryptographic keys, key-rings, passwords or unencrypted plaintext. The required information is usually copied without removing or destroying it, so capture often takes place without the victim realizing it has occurred.

Methods

In addition to burglary, the covert means might include the installation of keystroke logging^[1] or trojan horse software or hardware installed on (or near to) target computers or ancillary devices. It is even possible to monitor the electromagnetic emissions of computer displays or keyboards^[2]^[3] from a distance of 20 metres (or more), and thereby decode what has been typed. This could be done by surveillance technicians, or via some form of bug concealed somewhere in the room.^[4] Although sophisticated technology is often used, black bag cryptanalysis can also be as simple as the process of copying a password which someone has unwisely written down on a piece of paper and left inside their desk drawer.

The case of United States v. Scarfo highlighted one instance in which FBI agents using a sneak and peek warrant placed a keystroke logger on an alleged criminal gang leader.^[5]

References

^ "Remote Password Stealer 2.7". Download3K. Archived from the original on 2008-09-20.
^ Elinor Mills (March 20, 2009). "Sniffing keystrokes via laser and keyboard power". ZDNet.
^ "Snooping through the power socket". BBC News. July 13, 2009.
^ "Keyboard sniffers to steal data". BBC News. October 21, 2008.
^ "United States v. Scarfo, Criminal No. 00-404 (D.N.J.)". Electronic Privacy Information Center.

External links

Jurat Blockchain

[1] "Remote Password Stealer 2.7". Download3K. Archived from the original on 2008-09-20.

[2] Elinor Mills (March 20, 2009). "Sniffing keystrokes via laser and keyboard power". ZDNet.

[3] "Snooping through the power socket". BBC News. July 13, 2009.

[4] "Keyboard sniffers to steal data". BBC News. October 21, 2008.

[5] "United States v. Scarfo, Criminal No. 00-404 (D.N.J.)". Electronic Privacy Information Center.

v t e Block ciphers (security summary)
Common algorithms	AES Blowfish DES (internal mechanics, Triple DES) Serpent SM4 Twofish
Less common algorithms	ARIA Camellia CAST-128 GOST IDEA LEA RC5 RC6 SEED Skipjack TEA XTEA
Other algorithms	3-Way Adiantum Akelarre Anubis Ascon BaseKing BassOmatic BATON BEAR and LION CAST-256 Chiasmus CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi Kalyna KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Kuznyechik Ladder-DES LOKI (97, 89/91) Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Prince Q RC2 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK Simon Speck Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES xmx XXTEA Zodiac
Design	Feistel network Key schedule Lai–Massey scheme Product cipher S-box P-box SPN Confusion and diffusion Round Avalanche effect Block size Key size Key whitening (Whitening transformation)
Attack (cryptanalysis)	Brute-force (EFF DES cracker) MITM Biclique attack 3-subset MITM attack Linear (Piling-up lemma) Differential Impossible Truncated Higher-order Differential-linear Distinguishing (Known-key) Integral/Square Boomerang Mod n Related-key Slide Rotational Side-channel Timing Power-monitoring Electromagnetic Acoustic Differential-fault XSL Interpolation Partitioning Rubber-hose Black-bag Davies Rebound Weak key Tau Chi-square Time/memory/data tradeoff
Standardization	AES process CRYPTREC NESSIE
Utilization	Initialization vector Mode of operation Padding

Black-bag cryptanalysis

Methods

See also

References

External links