Incryptography,black-bag cryptanalysis is aeuphemism for the acquisition of cryptographic secrets viaburglary, or other covert means – rather than mathematical or technicalcryptanalytic attack. The term refers to the black bag of equipment that a burglar would carry or ablack bag operation.
As withrubber-hose cryptanalysis, this is technically not a form of cryptanalysis; the term is usedsardonically. However, given the free availability of very high strength cryptographic systems, this type of attack is a much more serious threat to most users than mathematical attacks because it is often much easier to attempt to circumvent cryptographic systems (e.g. steal the password) than to attack them directly.
Regardless of the technique used, such methods are intended to capture highly sensitive information e.g.cryptographic keys, key-rings,passwords or unencrypted plaintext. The required information is usually copied without removing or destroying it, so capture often takes place without the victim realizing it has occurred.
In addition to burglary, the covert means might include the installation ofkeystroke logging[1] ortrojan horse software or hardware installed on (or near to) target computers or ancillary devices. It is even possible tomonitor the electromagnetic emissions of computer displays or keyboards[2][3] from a distance of 20 metres (or more), and thereby decode what has been typed. This could be done by surveillance technicians, or via some form ofbug concealed somewhere in the room.[4] Although sophisticated technology is often used, black bag cryptanalysis can also be as simple as the process of copying a password which someone has unwisely written down on a piece of paper and left inside their desk drawer.
The case ofUnited States v. Scarfo highlighted one instance in which FBI agents using asneak and peek warrant placed a keystroke logger on an alleged criminal gang leader.[5]