Q: 2
Which attack is the network vulnerable to when a stream cipher like RC4 is used twice with the same
key?
Options
Discussion
C or A. I'm kind of split here, since if you reuse the keystream attackers could spot patterns in the ciphertexts (so C), but I've also seen arguments that forgery (A) is possible if you manipulate outputs. Still, stream cipher key reuse usually points to ciphertext-only attacks. Anyone disagree?
Feels like C, since reusing a stream cipher key (like RC4) lets attackers analyze just ciphertexts to recover info about the plaintext. A is tempting but it's more about forging, not just ciphertext analysis. Pretty sure that's the classic weakness for key reuse. Open if anyone has a different take.
Its C
Option C makes sense here. With stream ciphers like RC4, reusing the same key means attackers can analyze only ciphertexts to find patterns due to how XOR works. Pretty sure this is the weakness they test for, but let me know if you disagree.
Its C, since attackers can XOR ciphertexts encrypted with the same RC4 key and start figuring out underlying plaintext without needing to see any actual plaintext. That's a textbook ciphertext-only attack scenario. Not 100 percent but that's what most practice exams point to for this type of question. If someone has a real-world counter, open to hear it.
This is one of those nitpicky cases, since if you reuse an RC4 key on different streams, attackers can perform a ciphertext-only attack by XORing the ciphertexts together. That leaks info about the underlying plaintexts even if they never see any actual plaintext. Option C fits best here, but if plaintexts were ever exposed, other attacks might come into play. Pretty sure C is what they're after.
C , A is tricky but reusing RC4 keys mainly enables ciphertext-only attacks. Trap for those picking forgery.
A, I think. If the same RC4 key is reused, wouldn't that let you forge valid ciphertexts by manipulating the keystream? Not totally confident but that's my pick.
C
A is wrong, C. If you reuse a stream cipher key, attackers just need ciphertexts to break it-classic ciphertext-only vulnerability. Pretty sure this matches what I've seen in exam reports.
Be respectful. No spam.
