In
cryptography
Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
, black-bag cryptanalysis is a
euphemism
A euphemism ( ) is when an expression that could offend or imply something unpleasant is replaced with one that is agreeable or inoffensive. Some euphemisms are intended to amuse, while others use bland, inoffensive terms for concepts that the u ...
for the acquisition of cryptographic secrets via
burglary
Burglary, also called breaking and entering (B&E) or housebreaking, is a property crime involving the illegal entry into a building or other area without permission, typically with the intention of committing a further criminal offence. Usually ...
, or other covert means – rather than mathematical or technical
cryptanalytic attack. The term refers to the black bag of equipment that a burglar would carry or a
black bag operation.
As with
rubber-hose cryptanalysis, this is technically not a form of cryptanalysis; the term is used
sardonically. However, given the free availability of very high strength cryptographic systems, this type of attack is a much more serious threat to most users than mathematical attacks because it is often much easier to attempt to circumvent cryptographic systems (e.g. steal the password) than to attack them directly.
Regardless of the technique used, such methods are intended to capture highly sensitive information e.g.
cryptographic key
A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm
In mathematics and computer science, an algorithm () is a finite sequenc ...
s, key-rings,
password
A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services t ...
s or unencrypted plaintext. The required information is usually copied without removing or destroying it, so capture often takes place without the victim realizing it has occurred.
Methods
In addition to burglary, the covert means might include the installation of
keystroke logging or
trojan horse
In Greek mythology, the Trojan Horse () was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer, Homer's ''Iliad'', with the poem ending ...
software or hardware installed on (or near to) target computers or ancillary devices. It is even possible to
monitor the electromagnetic emissions of computer displays or keyboards from a distance of 20 metres (or more), and thereby decode what has been typed. This could be done by surveillance technicians, or via some form of
bug concealed somewhere in the room. Although sophisticated technology is often used, black bag cryptanalysis can also be as simple as the process of copying a password which someone has unwisely written down on a piece of paper and left inside their desk drawer.
The case of ''United States v. Scarfo'' highlighted one instance in which FBI agents using a
sneak and peek warrant placed a keystroke logger on an alleged criminal gang leader.
See also
*
*
*
*
References
External links
{{DEFAULTSORT:Black-Bag Cryptanalysis
Cryptographic attacks
Espionage techniques
Theft
Euphemisms