Cryptography/Social Engineering and Coercion

From Wikibooks, the open-content textbooks collection

In encryption, the weakest leak is almost always a person.

While you could spend many hours attempting to decipher a encrypted message, or intercept a password, you can easily trick a person into telling you this information.

Suppose Bob works for a large company and encrypts document E with key K. Suppose Eve, wishing to decrypt document E, calls Bob and pretends to work for the company's information security department. Eve would pretend a problem existed with the computers, servers, etc. and ask Bob for his key, K, which she would use to decrypt E. This is an example of social engineering.