Plaintext

From Wikipedia, the free encyclopedia

Jump to: navigation, search

In cryptography, plaintext is the information which the sender wishes to transmit to the receiver(s). Before the computer era, plaintext simply meant text in the language of the communicating parties. Since computers, the definition has been expanded to include not only the electronic representation of text, such as email and word processor documents, but also the computer representation of speech, music, pictures, videos, ATM and credit card transactions, sensor data, and so forth, basically any information which the communicating parties might wish to conceal from others. The plaintext is the normal representation of the data before any action has been taken to conceal it.

The plaintext is used as input to an encryption algorithm; the output is termed ciphertext. In some systems, however, multiple layers of encryption are used, in which case the ciphertext output of one encryption algorithm becomes the plaintext input to the next.

In a cryptosystem, weaknesses can be introduced through insecure handling of the plaintext, allowing an attacker to bypass the cryptography altogether. Plaintext is vulnerable in use and in storage, whether in electronic or paper format. Physical security deals with how media can be secured from local, physical, attacks. for instance, an attacker might enter a poorly secured building and attempt to open locked desk drawers or safes. An attacker can also engage in dumpster diving, and may be able to reconstruct shredded information. One countermeasure is to burn or thoroughly crosscut shred discarded printed plaintexts. (See Paper shredder for specifications.) If plaintext is kept in a computer file, the disk along with the entire computer and its components must be secure. Sensitive data is sometimes processed on computers whose mass storage is removable, in which case physical security of the removed disk is separately vital. In the case of securing a computer, that security must be physical (e.g., against burglary, brazen removal under cover of a repair, installation of covert monitoring devices, etc.) as well as virtual (e.g., operating system modification, illicit network access, Trojan programs, ...). The wide availability of keydrives, which can plug into most modern computers and receive hundreds of megabytes of data, poses another severe security headache. A spy (perhaps posing as a cleaning person) could easily conceal one and even swallow it, if necessary.

Discarded computers, disk drives and media are also a potential source of plaintexts. Most operating systems do not actually erase anything — they simply mark the disk space occupied by a deleted file as 'available for use', and remove its entry from the file system directory. The information in a file deleted in this way remains fully present until overwritten at some later time when the operating system reuses the disk space. With even low-end computers commonly sold with many Gigabytes of disk space and rising monthly, this 'later time' may be months, or never. Even overwriting the portion of a disk surface occupied by a deleted file is insufficient in many cases. Peter Gutmann of the University of Auckland wrote a celebrated paper about 1996 on the recovery of overwritten information from magnetic disks (though since drive densities have got much higher since then, this type of recovery is now much harder[citation needed]). Also, modern hard drives automatically remap sectors that are starting to fail; those sectors no longer in use will contain information that is invisible to the file system software but is nonetheless still there on the physical platter. It may be senstive data. Some government agencies (e.g., NSA) require that all disk drives be physically pulverized when they are discarded, and in some cases, chemically treated with corrosives before or after. This practice is not widespread outside of the government, however. For example, Garfinkel and Shelat (2003) analysed 158 second-hand hard drives acquired at garage sales and the like and found that less than 10% had been sufficiently sanitised. A wide variety of personal and confidential information was found readable from the others. See data remanence.

Laptop computers are a special problem. The US State Department, the British Secret Service, and the US Department of Defense have all had laptops containing secret information, presumably in readable text form, 'vanish' in recent years. Announcements of similar losses are becoming a common item in news reports. Disk encryption techniques can provide protection if they are used properly.

On occasion, even when the data on the host systems is itself encrypted, the media used to transfer data between such systems is still left as plaintext because of bad data policy. An incident in October 2007 where the English HM Revenue and Customs lost CDs containing no less then 25m records of child benefit recipients in the United Kingdom — the data on the CDs apparently being entirely unencrypted — is a case in point.

Modern cryptographic systems are designed to resist attacks based on known plaintext or even chosen plaintext. Older systems used techniques such as padding and Russian copulation to obscure information in plaintext that would be known or easily guessed.

  • S. Garfinkel and A Shelat, "Remembrance of Data Passed: A Study of Disk Sanitization Practices", IEEE Security and Privacy, January/February 2003 (PDF).
  • UK HM Revenue and Customs loses 25m records of child benefit recipients BBC
Retrieved from "http://en.wikipedia.org/wiki/Plaintext"
Advanced Search
Included Web Search Engines


Safe Search

close

Top Matching Results

Occasionally Search.com will highlight specialized results that are based on the context of your query. Examples of specialized results include specific links to news, images, or video.

Top Matching Results may highlight information from other Search.com pages, content from the CNET Network of sites, or third party content. The listings are based purely on relevance. Search.com does not receive payment for listings in this section but our partners that provide this data may get paid for listing these products.

Sponsored Links

This section contains paid listings which have been purchased by companies that want to have their sites appear for specific search terms and related content. These listings are administered, sorted and maintained by a third party and are not endorsed by Search.com.

Search Results

Search.com sends your search query to several search engines at one time and integrates the results into one list which has been sorted by relevance using Search.com's proprietary algorithm. You can customize the list of search engines included in your metasearch from the preferences.

The search engines that are used in your metasearch may allow companies to pay to have their Web sites included within the results. To view the Paid Inclusion policy for a specific search engine, please visit their Web site. Search.com does not accept payment or share revenue with any search engine partner for listings in this section.