Editing Stream cipher attacks (section)

==Bit-flipping attack==<!-- This section is linked from [[Man-in-the-middle attack]] -->
{{main|Bit-flipping attack}}
{{see also|Malleability (cryptography)}}
Suppose an adversary knows the exact content of all or part of one of our messages. As a part of a [[man in the middle attack]] or [[replay attack]], they can alter the content of the message without knowing the key, ''K''. Say, for example, they know a portion of the message, say an electronics fund transfer, contains the [[ASCII]] string ''"$1000.00"''. They can change that to ''"$9500.00"'' by XORing that portion of the ciphertext with the string: ''"$1000.00" xor "$9500.00"''.  To see how this works, consider that the cipher text we send is just ''C(K) xor "$1000.00"''. The new message the adversary is creating is:

:''(C(K) xor "$1000.00") xor ("$1000.00" xor "$9500.00") = C(K) xor "$1000.00" xor "$1000.00" xor "$9500.00" =  C(K) xor "$9500.00"''

Recall that a string [[Exclusive or|XORed]] with itself produces all zeros and that a string of zeros XORed with another string leaves that string intact. The result, C(K) xor "$9500.00", is what our ciphertext would have been if $9500 were the correct amount.

Bit-flipping attacks can be prevented by including [[message authentication code]] to increase the likelihood that tampering will be detected.