📑 Table of Contents

In cryptography, black-bag cryptanalysis is a euphemism for the acquisition of cryptographic secrets via burglary, or other covert means – rather than mathematical or technical cryptanalytic attack. The term refers to the black bag of equipment that a burglar would carry or a black bag operation.

As with rubber-hose cryptanalysis, this is technically not a form of cryptanalysis; the term is used sardonically. However, given the free availability of very high strength cryptographic systems, this type of attack is a much more serious threat to most users than mathematical attacks because it is often much easier to attempt to circumvent cryptographic systems (e.g. steal the password) than to attack them directly.

Regardless of the technique used, such methods are intended to capture highly sensitive information e.g. cryptographic keys, key-rings, passwords or unencrypted plaintext. The required information is usually copied without removing or destroying it, so capture often takes place without the victim realizing it has occurred.

Methods

edit

In addition to burglary, the covert means might include the installation of keystroke logging[1] or trojan horse software or hardware installed on (or near to) target computers or ancillary devices. It is even possible to monitor the electromagnetic emissions of computer displays or keyboards[2][3] from a distance of 20 metres (or more), and thereby decode what has been typed. This could be done by surveillance technicians, or via some form of bug concealed somewhere in the room.[4] Although sophisticated technology is often used, black bag cryptanalysis can also be as simple as the process of copying a password which someone has unwisely written down on a piece of paper and left inside their desk drawer.

The case of United States v. Scarfo highlighted one instance in which FBI agents using a sneak and peek warrant placed a keystroke logger on an alleged criminal gang leader.[5]

See also

edit

References

edit
  1. ^ "Remote Password Stealer 2.7". Download3K. Archived from the original on 2008-09-20.
  2. ^ Elinor Mills (March 20, 2009). "Sniffing keystrokes via laser and keyboard power". ZDNet.
  3. ^ "Snooping through the power socket". BBC News. July 13, 2009.
  4. ^ "Keyboard sniffers to steal data". BBC News. October 21, 2008.
  5. ^ "United States v. Scarfo, Criminal No. 00-404 (D.N.J.)". Electronic Privacy Information Center.
edit

📚 Artikel Terkait di Wikipedia

Cryptanalysis

Length extension attack Black-bag cryptanalysis Man-in-the-middle attack Power analysis Replay attack Rubber-hose cryptanalysis Timing analysis Quantum

Black Bag (disambiguation)

espionage technique, referring to the black bag of equipment that a burglar would carry Black-bag cryptanalysis, stealing of cryptographic secrets via

Pretty Good Privacy

probably use easier means than standard cryptanalysis, e.g. rubber-hose cryptanalysis or black-bag cryptanalysis (e.g. installing some form of trojan horse

Keystroke logging

be effective against some hardware keyloggers. Anti-keylogger Black-bag cryptanalysis Computer surveillance Cybercrime Digital footprint Hardware keylogger

Differential cryptanalysis

Differential cryptanalysis is a general form of cryptanalysis applicable primarily to block ciphers, but also to stream ciphers and cryptographic hash

Outline of cryptography

Man-in-the-middle attack Replay attack External attacks Black-bag cryptanalysis Rubber-hose cryptanalysis Provable security Random oracle model Ciphertext

Twofish

2000[update], the best published cryptanalysis of the Twofish block cipher is a truncated differential cryptanalysis of the full 16-round version. The

Skipjack (cipher)

than exhaustive search) within months using impossible differential cryptanalysis. A truncated differential attack was also published against 28 rounds