[Cryptography] XORing plaintext with ciphertext

John Kelsey crypto.jmk at gmail.com
Sat Sep 7 21:46:31 EDT 2013

It depends on the encryption scheme used.  For a stream cipher (including AES in counter or OFB mode), this yields the keystream.  If someone screws up and uses the same key and IV twice, you can use knowledge of the first plaintext to learn the second.  For other AES chaining modes, it's less scary, though if someone reuses their key and IV, knowing plaintext xor ciphertext from the first time the key,iv pair was used can reveal some plaintext from the second time it was used.  


More information about the cryptography mailing list