ciphertext-only attack

Every modern cipher attempts to provide protection against ciphertext-only attacks.

There are, however, extensions that would allow a known plaintext or even a ciphertext-only attack.

Some modern cipher designs have later been shown to be suspect to ciphertext-only attacks.

Classical schemes are often susceptible to ciphertext-only attacks, sometimes even without knowledge of the system itself, using tools such as frequency analysis.

This can thwart statistical methods that help brute-force attacks identify the right solution in a ciphertext-only attack.

On the other hand, modern ciphers are designed to withstand much stronger attacks than ciphertext-only attacks.

In any case where a stream cipher like RC4 is used twice with the same key it is open to ciphertext-only attack.

The ciphertext-only attack model is the weakest attack because it implies that the cryptanalyst has nothing but ciphertext.

Many of the classical ciphers can be broken even if the attacker only knows sufficient ciphertext and hence they are susceptible to a ciphertext-only attack.

A ciphertext-only attack is devastating for a modern block cipher; as such, it is probably more prudent to use another algorithm for encrypting sensitive data.

In some ciphers, these properties of the natural language plaintext are preserved in the ciphertext, and have the potential to be exploited in a ciphertext-only attack.

Ciphertext-only attack (COA) - in this type of attack it is assumed that only the ciphertext is available to the cryptanalyst.

Any cipher that can prevent chosen-plaintext attacks is then also guaranteed to be secure against known-plaintext and ciphertext-only attacks; this is a conservative approach to security.

In a ciphertext-only attack, the cryptanalyst has access only to the ciphertext (good modern cryptosystems are usually effectively immune to ciphertext-only attacks).

Alex Biryukov, Eyal Kushilevitz: From Differential Cryptoanalysis to Ciphertext-Only Attacks.

In cryptography, a ciphertext-only attack (COA) or known ciphertext attack is an attack model for cryptanalysis where the attacker is assumed to have access only to a set of ciphertexts.

Nonetheless poor cipher usage or reliance on home-grown proprietary algorithms that have not been subject to thorough scrutiny has resulted in many computer-age encryption systems that are still subject to ciphertext-only attack.

US researcher Dennis Ritchie has described a 1970s collaboration with James Reeds and Robert Morris on a ciphertext-only attack on the M-209 that could solve messages of at least 2000-2500 letters.

On the other hand, poor cipher depends on home-grown proprietary algorithms that have not been subjected to extensive testing and inspection; for this reason, many computer-age encryption systems are still subject to ciphertext-only attack but still in use.

Biryukov and Kushilevitz (1998) published an improved differential attack requiring only 16 chosen-plaintext pairs, and then demonstrated that it could be converted to a ciphertext-only attack using 2 ciphertexts, under reasonable assumptions about the redundancy of the plaintext (for example, ASCII-encoded English language).

Serious weaknesses have been found in both algorithms: it is possible to break A5/2 in real-time with a ciphertext-only attack, and in February 2008, Pico Computing, Inc revealed its ability and plans to commercialize FPGAs that allow A5/1 to be broken with a rainbow table attack.