Re: Chosen plaintext attacks



On 14 Sep, 20:05, unruh <un...@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 2010-09-14, JT <jonas.thornv...@xxxxxxxxxxx> wrote:

On 14 Sep, 15:31, rossum <rossu...@xxxxxxxxxxxx> wrote:
A chosen plaintext allows the attacker to easily extract the keystream
from the cyphertext. ?Having the keystream allows the attacker to
attack the underlying CSPRNG directly.

rossum

There is some vaguely retarded  to suggest a chosen plaintext attack
on a cipher who relies on a simple XOR of plaintext, of course the
plaintext will be revealed.

??? If you read the paragraph you are responding to you will note that
it says that the chosen plaintext allows to extract the KEYSTREM not the
plaintext.

It was slopy written of me of course i meant the the keystream, i did
actually correct it but you missed it in an answer to myself.


An OTP cipher relies on that the keystream comes from a random source
can not be recreated.

But this discussion is NOT about OTP but about stream cyphers. Stream
cyphers generate a pseudo random stream from a small key.
This in theory they have very very little entropy  and there are huge
long range correlations in the stream. Finding them is the diffculty.

No the stream have the entropy of the possible keysize in a variable
key cipher, i thought professionals should know that. There is 256!
possible different keys in this cipher if you fully utilize the
keyexpansion. And there is no problem whatsoever to expand the max
keysize to any size like example 4096!. It is about permutations and
keyexpansion.

That is not a small entropy it is small potato, even to bruteforce a
256! key is a gigantic
undertaken.

Similarly an PRP cipher relies on the fact that the internal keystream
not can be recreated without the key.

For a finite key, you know that is not true. There exists some way of
finding the generation of the stream without the key.

Well if you find it easier to find(bruteforce) the 6044 bites of the
internal stream then to bruteforce the key. There is, but what is the
point.



It is afterall 6044 bits that should be guessed so a bruteforce  of
the key is far easier.

That is one way of finding the keystream without knowing the key.

Yes to bruteforce the much bigger internal stream makes very much
sense, a search space of 2^6044 is much easier to attack then a
keyspace of 256! duuuuuuuuh........




So there is something vaguely retarded over suggesting a plaintext
attack when the keystream is free for inspection.

??? HOw is the keystream free for inspection?

By a chosen plaintext attack CPRNG output layer ***mashed potato*** is
shown.

Maybe we misunderstod eachother, i call also the CPRNG output a
keystream or is there another name for it?

Of course the three internal convoluting stream buffers is keystreams.

However the ***small potato*** streams and savestate of total 6044
bit are not revealed.

I give you mashed potato to observ, small potato stays hidden.



Well that is just my thoughts about the subject and the chosen way to
attack it, what have gone wrong?

JT

.