Cryptanalysis with a rubber hose and methods for its prevention

If necessity is the mother of invention, then adversity and dramatic events are perhaps the mother of cryptanalysis.

The author of The Cipher Book is Singh Simon.

What hacking methods are more effective? Searching for vulnerabilities in programs? Full search? Guessing the hash? But they didn't guess. It is user-level attacks that do their job most effectively.

One of the main problems of cryptography is precisely the fact that a person is a weak link in a cryptosystem.

Spoiler the mandalorian

Cryptographic systems often rely on the secrecy of cryptographic keys provided to users. However, many schemes fail to counter duress attacks, where an attacker forces a user to disclose a key. Known as rubber hose cryptanalysis (or gangster cryptanalysis) , these attacks are often the least time- and effort-intensive methods used to break cryptography. 

Blackmail, threats and torture are some of the ways to manipulate people, i.e. ways to apply social engineering.

---

Social engineering is a method of manipulating the thoughts and actions of people. It is based on the psychological characteristics of the individual and the laws of human thinking.

.

• - , , - . , ..

  
  
  
  
  

• - , , .

  
  
  
  
  

• - , - , (- ), - .

  
  
  
  
  

• - " ". , .

  
  
  
  
  

• - , "" , , , .

  
  
  
  
  

• - .

  
  
  
  
  

• - , - , .

  
  
  
  
  

:

• .

  
  
  
  
  

• .

  
  
  
  
  

• .

  
  
  
  
  

• .

  
  
  
  
  

• .

  
  
  
  
  

• , .

  
  
  
  
  

• .

  
  
  
  
  

• .

  
  
  
  
  

, , .

---

, .

- . , , . - , ASCII, -. - . - . - , , .

, , . ? - , ( ). , , . . , , . .

(№1), . 2 :

• : , . , , ( ). , . .

  
  
  
  
  

• : , . 1 9.

  
  
  
  
  

. , , , * (https://www.reberlab.org/file/show/SISL?group=667b435bdb923a53). , . , .

* , .

, . (№2), (№1), , .

, . .

:

Ego Depletion Impairs Implicit Learning (Kelsey R. Thompson, Daniel J. Sanchez, Abigail H. Wesley, Paul J. Reber.)

Let's take a look at another of the most popular protection options - double encryption. The essence of this method is rather simple: there are various data, some of which require special control. They are accessed by password. If you enter one password, you get access to "open" content, and in the case of another - to extremely important data.

The main disadvantage of this method is that pressure can continue until a "real" password is issued.

I wish no one ever meet this type of cryptanalyzer!