Talk:Rubber-hose cryptanalysis

This article was nominated for merging with Deniable_encryption on 19 March 2024. The result of the discussion was Merge.

This redirect does not require a rating on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Cryptography: Computer science Low‑importance This redirect is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles Low This redirect has been rated as Low-importance on the importance scale. This redirect is supported by WikiProject Computer science (assessed as Low-importance).

This redirect is written in American English, which has its own spelling conventions (color, defense, traveled) and some terms that are used in it may be different or absent from other varieties of English. According to the relevant style guide, this should not be changed without broad consensus.

Unfortunately, it would defeat the system to cite a source for the addition on steganographic counter attacks. Does that make sense? Lmgtfy? — Preceding unsigned comment added by yanazendo (talk • contribs)

Hi! I added a WP:UNSIGNED template to your message. If you could please add a signature to it (append ~~~~ to the end) that would be great. Linuxtinkerer (talk) 18:06, 2 December 2014 (UTC)[reply]

I'm in favor of this article redirecting to "torture" since -- as discussed and apparently generally agreed upon below -- it is just a colorful euphemism. Any objections?

75.76.234.196 (talk) 21:19, 25 December 2009 (UTC)[reply]

I strongly object. This article presents the computational science regarding a specific cryptanalysis attack. The "torture" article is quite different.

--Yanazendo (talk) 21:11, 27 November 2014 (UTC)[reply]

Temporarily moved here from the article:

Torture has been employed in real situations in just this way.

I'm slightly skeptical that this has been documented, or at least, it would be better if we could actually cite an example of where this has taken place. — Matt 20:19, 12 Jun 2004 (UTC)

One well documented example would be the the Snowtown murders. Before being strangled, butchered and stuffed in barrels of acid, some of the victims were tortured to reveal their banking PINs - and also forced to read scripts that were later spliced into messages used to throw their families off the track, and keep their welfare cheques flowing. They were tortured not with rubber hoses, but with electric shocks, fire, knives and pliers [1]. A vaguely similar case - involving partial strangulation, rape, and torture with fire to extract a PIN, but only one victim, and no murder this time - is here. (Quite possibly it was inspired by Snowtown.) (I had also heard that this is a relatively common crime in South Africa, but the only references I could find were to sadistic torture or vigilantism, rather than extracting PINs.)

However, I suspect that the grisly horror of actual torture cases would be a distraction from the essence of the article, which is designing protocols which obviate torture. Securiger 15:25, 18 Oct 2004 (UTC)

It is mentioned that the term rubber-hose cryptanalysis was coined in the sci.crypt group. This is not true. Quote from sci.crypt: "Shorthand for any method of coercion: the originator of the term drily noted that it 'can take a surprisingly short time and is quite computationally inexpensive' relative to other cryptanalysis methods". To find the real originator of the term, we should ask Marcus J. Ranum, the writer of that article on sci.crypt. The real originator could also be asked if he was really thinking of beatings with a rubber hose, or of the torture method that was employed by nazi's in WWII: sticking a rubber hose (garden hose) in someone's rectum and filling his intestines and stomach with water until (s)he broke. Excruciatingly painful according to survivors. —Preceding unsigned comment added by 161.85.127.139 (talk • contribs)

In Russian language it's usually called "thermorectal cryptoanalysis". Means soldering iron. —Preceding unsigned comment added by 82.207.115.213 (talk) 15:48, 26 March 2008 (UTC)[reply]

mention Edward II? Wasn't there some Russian Tzar who was offed that way too? 65.46.169.246 (talk) 18:54, 28 December 2010 (UTC)[reply]

IMO, beating with a rubber hose is less efficient (or successful) than using the rubber hose on the neck (for strangulation). Before reading the details, I was actually under the opinion that the rubber hose is applied to the neck. —Preceding unsigned comment added by 213.140.15.168 (talk) 23:36, 23 May 2008 (UTC)[reply]

Or better, just using a $5 wrench, as seen in xkcd. —Preceding unsigned comment added by 71.245.76.111 (talk) 20:12, 2 February 2009 (UTC)[reply]

Yeah, it should be called Wrench Cryptanalysis. Xkcd has much greater cultural relevance than an ancient usenet post. It is not even referenced, shame on the editors!

In an actual attempt to force someone to turn over key material, it's likely that literal torture would be a last resort; instead, other methods (such as threatening jail time, public humiliation, or harm to family members) would be employed first (a la RIP). Therefore, I'm changing the top link to "coercion" instead of "torture" (and consequently wikifying the later reference). Please discuss any disagreement. chrylis (talk) 17:40, 26 August 2008 (UTC)[reply]

The term torture is just too gruesome. We talk about gitmotizing somebody. 70.137.139.73 (talk) 04:10, 15 January 2009 (UTC)[reply]

There was a part referring to the effectiveness of torture. It clearly had no place on this page and is discussed at great length elsewhere. Even more absurdly, it referred to the use of plea bargaining rather than coerced confession, which has little if any relevance to the current discussion and indicated it was copied and pasted straight from elsewhere. Thus, deleted. —Preceding unsigned comment added by 128.135.221.168 (talk) 05:43, 3 February 2009 (UTC)[reply]

The entire thing is unsourced, except for the attribution of the term to the sci.crypt usenet group. I've deleted the bulk of the text (including a self-referential CNET reference!) in the hopes that someone will start cleanly and with sources. The entire thing was a mess of unreferenced speculation and outright opinion. 67.65.52.242 (talk) 19:56, 7 August 2009 (UTC)[reply]

It's still in need of a lot of work. I added some templates mark is as in need of help. I'm not quite sure the topic merits its own article. Suspender guy (talk) 20:28, 16 July 2016 (UTC)[reply]

The existence of numerous references to this term proves that theis euphemism is commonly known. We are talking not of REAL rubberhose procedures either, when talking about rubberhose cryptography, but it is just a colorful euphemism for physical torture. The same is the case with the soldering iron story. (This does not exclude that indeed rubber hoses or soldering irons have been used for torture sometimes, somewhere. But the euphemisms are just tongue in cheek euphemisms, selected to sound as horrible as possible) The large number of google hits on thermorectal analysis in Russian is evidence that this language term exists in hacker slang, not that it is indeed the official method or preferred methods of torture. Nor is there a scientific book about the use of soldering irons, of course. 70.137.147.176 (talk) 21:34, 28 October 2009 (UTC)[reply]

I've reverted your edit to the article, as I don't see it as adding any value to the Wikipedia. You can argue the case above, but I think we'd both have to agree it's a pretty weak one - and certainly isn't reflected in the edit you made! Nuwewsco (talk) 21:43, 28 October 2009 (UTC)[reply]

Just remember, that the "rubber hose" term also just originated, because somebody on sci.crypt coined it. Same for the case here. 70.137.147.176 (talk) 21:46, 28 October 2009 (UTC)[reply]

I don't have anything against covering it in the article if it indeed is "commonly known". However, I won't take your word for it, please try looking up some reliable sources. And using this parody/hoax book as a source will not work. -- intgr [talk] 21:52, 28 October 2009 (UTC)[reply]

The point in 'Thermorectal cryptoanalysis' is that it uses pseudo-scientific terminology (unlike 'rubber-hose'). That is it is like dihydrogen monoxide in its ability of producing hoaxes.--MathFacts (talk) 08:41, 20 March 2010 (UTC)[reply]

Where in the world is this defense section coming from? It reads like a shopping list of topics to be fleshed out at a later time, and only tangentially related to this article. These concepts are far too general for such a narrowly-focused article, and would be better suited to an article like Cryptosystem, or some more generic cryptographic article; maybe one about cryptanalysis. In any case, to leave it at calling the section "unclear" does a disservice to the readers. It should be rewritten entirely or removed. 66.12.102.114 (talk) 00:35, 13 April 2010 (UTC)[reply]

I have been summoned to specify where the RIPA covers the possibility that users of a cryptosystem may not be able to surrender encryption keys on demand.

There are several clauses in the RIPA that imply that the Act recognizes the possibility that a person might not be in the possession of the keys being sought.

• According to section 49(2), a prerequisite to imposing a requirement on a person to disclose a key is a belief, "on reasonable grounds", that that key is in their possession.
• Section 50(2) describes the effect effect of such a disclosure requirement being imposed "on a person who is in possession ... of ... a means of obtaining access to the information" – the wording of which implies that someone might not have the means of obtaining such access.
• Section 50(3) states the effect if the person in question is "incapable, without the use of a key that is not in his possession, of obtaining access to the information and of disclosing it"; the effect is that "he shall be required ... to make a disclosure of any key to the protected information that is in his possession". Clearly, this means that in the Act the possibility is foreseen that a person might not have the keys required for decryption.
• Finally, section 53(3) states:

  "(3) For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if—

  (a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and

  (b) the contrary is not proved beyond a reasonable doubt."

The RIPA is bad enough as it is; there is no need to overstate the case.  --Lambiam 21:59, 4 May 2010 (UTC)[reply]

This article ignores the fact that a rights-abusing moron is going to beat someone else with a rubber hose to operate a debugger to be sure the data being decrypted is ALL of the data and not just some of it. This article is DANGEROUSLY misleading, I can't stress that point enough. Having two bunches of encrypted data is going to simply require two separate beatings until all the data is decoded. —Preceding unsigned comment added by 220.245.128.9 (talk) 17:41, 19 August 2010 (UTC)[reply]

The whole point of deniable encryption is that there is no evidence whether a second set of encrypted data even exists. -- intgr [talk] 19:28, 19 August 2010 (UTC)[reply]

The fact there is no evidence may not be relevant which is what 220 is trying to say I suspect (sorry reread 220's comment, they were clearly confused) though. For example, with TrueCrypt I've seen it suggested you should always create hidden volumes if you fear you may be tortured for the key just so you can actually provide both keys if necessary. Similarly if you use any encryption system with two possible keys it would seem to me you should do the same thing. And I would stay away from something with an unlimited number of possible keys if your intention is to avoid torture due to having encryption and not revealing the keys (of course such systems may be useful when you want to increase your chances of protecting the data). In other words, if your concerned about torture or others not bound by the rule of law, plausible deniability doesn't really work, and in fact systems which allow multiple keys which can decrypt different sets of data actually probably increase the risk of torture since anyone smart enough to understand the system is just going to keep torturing you in case there are more keys even if you give up what you have. Think about it this way. If the torturers are willing to ignore your protestations that you don't have the key when these are true, why do you think they're going to care about your protestations you don't have any more keys even if these are true? Nil Einne (talk) 10:05, 31 August 2010 (UTC)[reply]

Reading a bit more, it appears what the article may be trying to suggest is if you have a case when the person doesn't have the key, then using a multikey system may help in reducing torture. This is perhaps true, since if the adversaries get a key they may accept faster that the person doesn't have any more keys then they may if the person doesn't give up anything. (As I've already said, they may also help in protecting data which of course means reducing torture or whatever when you are determined to protect data for a similar reason.) It's always of course going to depend on who your adversary is and what they think they know about you Nil Einne (talk) 11:00, 31 August 2010 (UTC)[reply]

Reviewing the article and the talk page discussion over the last year, it seems that the synth issues related to the tag may be resolved. If they are not, I welcome any editor to refresh the tag so that it does not appear stale. aprock (talk) 19:18, 31 January 2011 (UTC)[reply]

It's a shame we can't use the xkcd image about the $5 wrench[2] as an illustration for this article. In theory we could ask Randall Munroe (User:Xkcd) to release the image under CC-BY-2.5, but we probably shouldn't. So many images that could be used for so many articles... --82.170.113.123 (talk) 18:37, 23 May 2013 (UTC)[reply]

Agreed. I'm going to start calling this $5 wrench cryptanalysis anyway. ;-) Ajedi32 (talk) 19:49, 3 December 2014 (UTC)[reply]

This article was linked to from the "explain xkcd" wiki, and I thought it said "rubber-horse" at first. This is entirely irrelevant to this article, but I just wanted to say that. 71.187.104.135 (talk) 22:28, 23 June 2015 (UTC)[reply]

It is under CC-BY-2.5 through. I might be wrong through. — Preceding unsigned comment added by Ææqwerty (talk • contribs) 09:03, 26 December 2019 (UTC)[reply]

Hello fellow Wikipedians,

I have just modified one external link on Rubber-hose cryptanalysis. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:

• Added archive https://web.archive.org/web/20111108020103/http://www.parliament.the-stationery-office.co.uk/pa/ld199900/ldbills/061/2000061.htm to http://www.parliament.the-stationery-office.co.uk/pa/ld199900/ldbills/061/2000061.htm

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers.—InternetArchiveBot (Report bug) 05:13, 9 December 2017 (UTC)[reply]

Which parts of the article are considered as having strayed away from the main article?

I didn't find who put the cleanup tag on it in 2016 or any specifics.

Netscr1be (talk) 17:31, 9 September 2020 (UTC)[reply]

I'm assuming there's not a ton of people to reference for info in this subject but for whatever it's worth... Let it be known rubber hoses are generally not commonly thought of as instruments for "torture". At least as far as North American and modern pop culture would depict through media or news or my overall life experience... what are rubber hoses used for though, in a literal sense or reality?

Rubber hoses can be used to move a medium. Such as fuel/oil from a storage vessel or secure container into another type of storage (like portable and standardized vessels approved for carry and transport by local or national highway , traffic and safety standards)

Think of a client having their assets removed a few bits at a time.. if the client exclusively works with large denominations (Mb or Gb ), it'd be easy to siphon bits and unlikely to draw attention or notice.. if the client was a Gas station it could have its tank siphoned theoretically.. same way it gets filled.. with a rubber hose!

Figured since this topic seems slightly speculative, it be more likely in practical sense if we're sticking with the Rubber hose name thing. 73.83.100.13 (talk) 10:26, 29 March 2022 (UTC)[reply]

Is the line "such as beating that person with a rubber hose, hence the name" acceptable for this article, or should it be removed? 205.213.208.210 (talk) 16:16, 10 May 2023 (UTC)[reply]

It's how the process is described in the linked article: https://www.schneier.com/blog/archives/2008/10/rubber_hose_cry.html ... discospinster _talk 16:22, 10 May 2023 (UTC)[reply]