# Re: Chosen plaintext attacks

*From*: JT <jonas.thornvall@xxxxxxxxxxx>
*Date*: Wed, 15 Sep 2010 01:56:37 -0700 (PDT)

On 14 Sep, 20:05, unruh <un...@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

On 2010-09-14, JT <jonas.thornv...@xxxxxxxxxxx> wrote:

On 14 Sep, 15:31, rossum <rossu...@xxxxxxxxxxxx> wrote:

A chosen plaintext allows the attacker to easily extract the keystream from the cyphertext. Having the keystream allows the attacker to attack the underlying CSPRNG directly.

rossum

There is something vaguely retarded in suggesting a chosen plaintext attack on a cipher which relies on a simple XOR of plaintext; of course the plaintext will be revealed.

??? If you read the paragraph you are responding to you will note that it says that the chosen plaintext allows one to extract the KEYSTREAM, not the plaintext.

It was sloppily written of me; of course I meant the keystream. I did actually correct it, but you missed it, in an answer to myself.

An OTP cipher relies on the fact that the keystream comes from a random source and cannot be recreated.

But this discussion is NOT about OTP but about stream cyphers. Stream cyphers generate a pseudo random stream from a small key. Thus in theory they have very very little entropy and there are huge long range correlations in the stream. Finding them is the difficulty.

No, the stream has the entropy of the possible keysize in a variable key cipher; I thought professionals should know that. There are 256! possible different keys in this cipher if you fully utilize the key expansion. And there is no problem whatsoever expanding the max keysize to any size, for example 4096!. It is about permutations and key expansion.

That is not a small entropy, it is small potato; even to bruteforce a 256! key is a gigantic undertaking.

Similarly a PRP cipher relies on the fact that the internal keystream cannot be recreated without the key.

For a finite key, you know that is not true. There exists some way of finding the generation of the stream without the key.

Well, if you find it easier to find (bruteforce) the 6044 bits of the internal stream than to bruteforce the key. There is, but what is the point.

It is after all 6044 bits that should be guessed, so a bruteforce of the key is far easier.

That is one way of finding the keystream without knowing the key.

Yes, to bruteforce the much bigger internal stream makes very much sense, a search space of 2^6044 is much easier to attack than a keyspace of 256! duuuuuuuuh........

So there is something vaguely retarded over suggesting a plaintext attack when the keystream is free for inspection.

??? How is the keystream free for inspection?

By a chosen plaintext attack the CPRNG output layer ***mashed potato*** is shown.

Maybe we misunderstood each other; I also call the CPRNG output a keystream, or is there another name for it?

Of course the three internal convoluting stream buffers are keystreams.

However the ***small potato*** streams and savestate of total 6044 bits are not revealed.

I give you mashed potato to observe, small potato stays hidden.

Well, those are just my thoughts about the subject and the chosen way to attack it; what has gone wrong?

JT
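
The point under dispute in this thread, whether exposing the output keystream matters when the generator's internal state stays hidden, can be made concrete with an added example that is not part of the original post or the cipher it discusses. It assumes a deliberately weak, constructed generator (a 16-bit LFSR with hypothetical taps and state) and goes beyond the thread by using Berlekamp-Massey to show why an output layer that is linear in the state must never be exposed: the recovered keystream alone predicts every later keystream bit.

```python
# Added illustration: a deliberately weak, constructed toy generator (a 16-bit
# LFSR); it is not the cipher debated in this thread.
TAPS = (0, 2, 3, 5)                                          # hypothetical taps
SECRET = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]    # constructed state

def lfsr_bits(state, n):
    """Return n keystream bits; each output bit is linear in the state."""
    s, out = list(state), []
    for _ in range(n):
        out.append(s[0])
        s = s[1:] + [sum(s[t] for t in TAPS) & 1]
    return out

def encrypt(state, plaintext_bits):
    """Stream cipher: ciphertext = plaintext XOR keystream."""
    ks = lfsr_bits(state, len(plaintext_bits))
    return [p ^ k for p, k in zip(plaintext_bits, ks)]

def berlekamp_massey(bits):
    """Shortest linear recurrence over GF(2) that generates bits."""
    n = len(bits)
    c, b = [1] + [0] * n, [1] + [0] * n
    L, m = 0, -1
    for i in range(n):
        d = bits[i]
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d:                                  # recurrence failed: correct it
            t = c[:]
            for j in range(n - (i - m) + 1):
                c[j + i - m] ^= b[j]
            if 2 * L <= i:
                L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]

def predict(known, count):
    """Extend an observed keystream using only the recovered recurrence."""
    L, c = berlekamp_massey(known)
    s = list(known)
    for i in range(len(known), len(known) + count):
        s.append(sum(c[j] & s[i - j] for j in range(1, L + 1)) & 1)
    return s[len(known):]

def demo():
    """Return (recovered keystream, predicted next bits, actual next bits)."""
    chosen = [1, 0] * 32                       # chosen plaintext, 64 bits
    ct = encrypt(SECRET, chosen)
    keystream = [p ^ x for p, x in zip(chosen, ct)]   # C xor P = keystream
    return keystream, predict(keystream, 64), lfsr_bits(SECRET, 128)[64:]
```

A generator suitable for a stream cipher has to make this step infeasible: its output must not admit any short recurrence or other efficiently recoverable structure, which is the property a CSPRNG is supposed to provide.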
