World Library  
Flag as Inappropriate
Email this Article

Black-bag cryptanalysis

Article Id: WHEBN0010418098
Reproduction Date:

Title: Black-bag cryptanalysis  
Author: World Heritage Encyclopedia
Language: English
Subject: Pretty Good Privacy, Keystroke logging, Cryptanalysis, Outline of cryptography
Collection: Cryptographic Attacks, Espionage Techniques, Euphemisms, Theft
Publisher: World Heritage Encyclopedia

Black-bag cryptanalysis

In cryptography, black-bag cryptanalysis is a euphemism for the acquisition of cryptographic secrets via burglary, or the covert installation of keystroke logging[1] or trojan horse software/hardware installed on (or near to) target computers or ancillary devices. It is even possible to monitor the electromagnetic emissions of computer displays or keyboards[2][3] from a distance of 20 metres (or more), and thereby decode what has been typed. This could be done by surveillance technicians, or via some form of bug concealed somewhere in the room.[4] Although sophisticated technology is often used, black bag cryptanalysis can also be as simple as the process of copying a password which someone has unwisely written down on a piece of paper and left inside their desk drawer.

Regardless of the technique used, such methods are intended to capture highly sensitive information e.g. cryptographic keys, key-rings, passwords or unencrypted plaintext. The required information is usually copied without removing or destroying it, so capture often takes place without the victim(s) realising it has occurred. Black-bag cryptanalysis is in contrast to a mathematical or technical cryptanalytic attack. The term refers to the black bag of equipment that a burglar would carry or a black bag operation.

The case of United States v. Scarfo highlighted one instance in which FBI agents using a "sneak and peek" search warrant placed a keystroke logger on an alleged criminal gang leader.[5]

As with rubber-hose cryptanalysis, this is technically not a form of cryptanalysis; the term is used sardonically. However, given the free availability of very high strength cryptographic systems, this type of attack is a much more serious threat to most users than mathematical attacks. It is often much easier to attempt to circumvent cryptographic systems (e.g. steal the password) than to attack them directly.

See also


  1. ^ "Remote Password Stealer 2.7". Download3K. 
  2. ^ Elinor Mills (March 20, 2009). "Sniffing keystrokes via laser and keyboard power". ZDNet. 
  3. ^ "Snooping through the power socket". BBC News. July 13, 2009. 
  4. ^ "Keyboard sniffers to steal data". BBC News. October 21, 2008. 
  5. ^ "United States v. Scarfo, Criminal No. 00-404 (D.N.J.)". Electronic Privacy Information Center. 
This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.