What is the main advantage of a 'rubber-hose' attack?

• A. It provides unlimited password guesses regardless of password complexity.
• B. It is an efficient method to break symmetric keys using known weaknesses.
• C. It can reduce the time to guess a password to an acceptable level, independent of the volume of secret information, key length, or cipher strength.
• D. It guarantees protection against brute-force attempts.

Answer: (C)

Rubber-hose attacks rely on coercion or physical pressure to extract secrets from a person, bypassing the need to crack cryptography at all. The main advantage is that the attacker can obtain a password or key quickly, without having to test guesses or break algorithms. Because the secret is handed over or coerced, its secrecy isn’t bounded by password length, entropy, or the strength of the cipher—access is granted immediately once the secret is obtained. This makes the time to breach data effectively independent of how complex the password is, how much encrypted material exists, or how robust the encryption scheme might be.

So, rather than relying on guessing, cracking, or exploiting weaknesses in cryptographic primitives, a rubber-hose approach short-circuits the process by compelling disclosure. It’s not about improving cryptographic methods or defeating brute-force attacks; it’s about circumventing them through human factors. The other options describe technical attacks or guarantees that don’t reflect the coercion-based method and its real-world implication of rapid access once the secret is obtained.