Effective CISSP Questions

Wired Equivalent Privacy (WEP), ratified in 1997, is the first-generation security solution for 802.11 wireless networks. The 64-bit WEP uses the stream cipher RC4 with a 24-bit initialization vector (IV) and a 40-bit secret key. Hackers can use Aircrack-ng to sniff wireless traffic and crack the secret key by exploiting the short IV. Which of the following best describes the attack used to break WEP? (Source: Wentz QOTD)
A. Ciphertext-only
B. Known-plaintext
C. Chosen-plaintext
D. Chosen-ciphertext

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Ciphertext-only.

There are various cryptanalysis techniques against ciphers that can be categorized into four general attack scenarios:

  • Ciphertext-only
  • Known-plaintext
  • Chosen-plaintext
  • Chosen-ciphertext


A ciphertext-only attack (COA) refers to the scenario where the attacker only has access to the ciphertext. It is the most common scenario. For example, hackers can sit in a cafe shop and capture the encrypted packets of wireless networks.


The known-plaintext attack (KPA) is an attack model for cryptanalysis where the attacker has access to both the plaintext (called a crib), and its encrypted version (ciphertext). These can be used to reveal further secret information such as secret keys and code books. (Wikipedia)


In a chosen-plaintext attack the adversary can (possibly adaptively) ask for the ciphertexts of arbitrary plaintext messages. This is formalized by allowing the adversary to interact with an encryption oracle, viewed as a black box. The attacker’s goal is to reveal all or part of the secret encryption key.

Chosen-plaintext attacks become extremely important in the context of public key cryptography, where the encryption key is public and so attackers can encrypt any plaintext they choose. (Wikipedia)


A chosen-ciphertext attack (CCA) is an attack model for cryptanalysis where the cryptanalyst can gather information by obtaining the decryptions of chosen ciphertexts. From these pieces of information the adversary can attempt to recover the hidden secret key used for decryption.

  • The El Gamal cryptosystem is semantically secure under chosen-plaintext attack, but this semantic security can be trivially defeated under a chosen-ciphertext attack.
  • Early versions of RSA padding used in the SSL protocol were vulnerable to a sophisticated adaptive chosen-ciphertext attack which revealed SSL session keys.
  • Chosen-ciphertext attacks have implications for some self-synchronizing stream ciphers as well.
  • Designers of tamper-resistant cryptographic smart cards must be particularly cognizant of these attacks, as these devices may be completely under the control of an adversary, who can issue a large number of chosen-ciphertexts in an attempt to recover the hidden secret key.




My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.

Leave a Reply