During a web-application assessment, you discover that the site encrypts session cookies with a home-grown stream cipher that takes a user-supplied IV. By forcing the server to reuse an IV, you capture two ciphertexts produced with the same keystream and plan to XOR them together to expose relationships between the original plaintexts. Which cryptanalytic method does this technique exemplify?
Linear cryptanalysis that builds probabilistic linear approximations of S-box behavior
A ciphertext-only keystream-reuse (two-time pad) attack against a stream cipher
Differential cryptanalysis using chosen-plaintext pairs to trace input-output bit differences
A meet-in-the-middle attack aimed at reducing the key space of double encryption
Stream ciphers are secure only when each plaintext is combined with a unique, never-repeated keystream. If the same key/IV pair is used twice, the keystream is identical in both encryptions. XORing two ciphertexts cancels out that keystream, leaving the XOR of the two plaintexts, which an attacker can "crib-drag" to recover each message. This is commonly called a two-time-pad or keystream-reuse attack and falls under ciphertext-only analysis because no plaintext must be known in advance. Linear cryptanalysis, differential cryptanalysis, and meet-in-the-middle require block ciphers and different data or assumptions; they do not rely on keystream reuse in stream ciphers.
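The cancellation described in the explanation, together with the matching server-side fix and a reuse check, as an added example that is not part of the original question. The SHA-256 counter keystream is a stand-in for the unnamed home-grown cipher, and the key, IVs, cookie strings and function names are all constructed for illustration.

```python
import hashlib
import secrets
from collections import Counter

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256(key || iv || counter) blocks (stand-in cipher)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, iv, len(plaintext)))

def leaks_plaintext_xor(key, iv1, iv2, p1, p2) -> bool:
    """True when C1 xor C2 equals P1 xor P2, i.e. the keystream cancelled."""
    c1, c2 = encrypt(key, iv1, p1), encrypt(key, iv2, p2)
    return xor(c1, c2) == xor(p1, p2)

def issue_cookie(key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    """Mitigation: the server draws a fresh random IV; clients never supply it."""
    iv = secrets.token_bytes(16)
    return iv, encrypt(key, iv, plaintext)

def reused_ivs(issued: list[bytes]) -> set[bytes]:
    """Detection: IVs that occur more than once in a log of issued cookies."""
    return {iv for iv, count in Counter(issued).items() if count > 1}

# Constructed sample values (not taken from any real system).
KEY = b"k" * 32
FIXED_IV = b"\x00" * 16
P1 = b"user=alice;role=user "
P2 = b"user=bob;role=admin  "

if __name__ == "__main__":
    # Same key and IV: the keystream drops out of C1 xor C2.
    print("reused IV leaks P1^P2:", leaks_plaintext_xor(KEY, FIXED_IV, FIXED_IV, P1, P2))
    # Distinct IVs: C1 xor C2 is no longer a function of the plaintexts alone.
    print("fresh IV leaks P1^P2: ", leaks_plaintext_xor(KEY, FIXED_IV, b"\x01" * 16, P1, P2))
    iv_a, _ = issue_cookie(KEY, P1)
    print("IVs flagged as reused:", reused_ivs([FIXED_IV, iv_a, FIXED_IV]))
```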
Certified Ethical Hacker (CEH)
Cryptography