The attack is completely successful if the corresponding plaintexts can be deduced (extracted) or, even better, the key. The ability to obtain any amount of information from the underlying ciphertext is considered a success.
Every modern cipher attempts to provide protection against ciphertext-only attacks. The process of selecting a new cipher design standard usually takes many years and includes exhaustive testing of large quantities of ciphertext for any statistical different approach from random noise. On the other hand, poor cipher depends on home-grown proprietary algorithms that have not been subjected to extensive testing and inspection; for this reason, many computer-age encryption systems are still subject to ciphertext-only attack but still in use. Examples include:
- Early versions of Microsoft's PPTP virtual private network software used the same RC4 key for the sender and the receiver (later versions solved this problem but may still have other problems). In any case where a stream cipher like RC4 is used twice with the same key, it is open to ciphertext-only attack.
- Wired Equivalent Privacy (WEP), the first security protocol for Wi-Fi, proved susceptible to several attacks, most of them ciphertext-only.
- Some modern cipher designs have later been shown to be suspect to ciphertext-only attacks. For example, Akelarre.
References[change | change source]
- Alex Biryukov and Eyal Kushilevitz, "From Differential Cryptanalysis to Ciphertext-Only Attacks," CRYPTO 1998, pp 72–88;