In cryptography, plaintext (occasionally, cleartext, though there are differences) is information used as input to an encryption algorithm. This could be, for example, a diplomatic message, a bank transaction, an email, a diary — any information that someone might want to prevent others from reading. During encryption, if the plaintext is transformed by a cipher algorithm, the result will be a ciphertext. This is the most common case in modern cryptography. If done by a code, the result is codetext. The term plain text has a distinct meaning related to formatting, not cryptography, but there is some usage confusion.

Secure handling of plaintext

In the operation of any cryptosystem, plaintext must be handled properly lest an attacker gain considerable advantage. This is not strictly an issue of cryptosystem design, but rather user knowledge, training, and performance.

First and most obviously, plaintext must be stored carefully. If the information is important enough to entrust to a cryptosystem for protection, it is probably sufficiently important not to lose it in other ways.

If printed out, the paper copy must be stored securely. Most file cabinets, locked office desk drawers, and many safes, are (laughably) easily opened. Offices themselves are not always secured sensibly after hours, or even during hours in too many cases, and so on. Since dumpster diving is widely possible, and reconstruction of even shredded sheets possible for those sufficiently committed to their recovery, discarded printed plaintexts must be thoroughly crosscut shredded, burned, or otherwise made un-diveable.

If plaintext is kept in a computer file, the disk (or perhaps the entire computer) and its components must be secure. In the case of securing a computer, that security must be physical (eg, against burglary, brazen removal under cover of a repair, etc) as well as virtual (eg, bugs, illicit network access, Trojan programs, ...). A removable disk (or extractable disk drive) is an obvious possibility, in which case physical security of the removed disk is probably most important.

Laptop computers are a special problem. The US State Department, the British Secret Service, and the US Department of Defense have all had laptops containing secret information, presumably in readable text form, 'vanish' in recent years. Discarded computers (and disks and disk drives) are also a potential source of plaintexts. Unerased files (including any plaintexts which may have been present) will still be readable; several enterprising projects have demonstrated this recently. Perhaps the most famous is an MIT student project which found a wide variety of personal/proprietary/confidential information on discarded, and on recycled, computer equipment.

Erased files may be accessible as well. Most operating systems do not actually erase anything — they simply mark the disk space occupied by the 'erased' file as 'available for use', thus making the file a former file. The information in a file 'erased' in this way remains fully present until overwritten at some later time when the operating system reuses the disk space. On large disks, this 'later time' may be months, or even never. Even overwriting that part of a disk occupied by a file before erasing it is insufficient in many cases. Peter Gutmann of the University of Auckland wrote a celebrated paper some years ago on the recovery of overwritten information from magnetic disks. Some government agencies (eg, NSA) require that all disk drives be physically pulverized when they are discarded, and in some cases, chemically treated with corrosives before or after.

Second, possession of any plaintext whatsoever, whether it is itself meaningful (and perhaps sensitive) or merely some administrivia, makes several cryptanalytic attacks either possible or easier. This implies it's best to process the information being sent in some way unhelpful to the attacker prior to using it as actual plaintext input for cryptosystem processing. For instance, padding is often used, and it is common in well designed crypto systems to run all messages being sent through a data compression algorithm prior to submitting the result (the actual plaintext for encryption to a cryptosystem. This provides at least some masking for stereotyped headings and introductions in the original message. However, some compression algorithms themselves generate stereotyped (and so predictable) structures in which are stored the redundant data allowing decompression. They must, thus, be chosen with care.

If the compressed plaintext is erased (but recall the difficulty in erasing files mentioned above), then plaintext won't be available at all.

Russian copulation has also been used to obscure headings and introductions though, in modern contexts, with message material which may not be readily 'decopulated' on simple inspection, this has become less useful in practice.

See also

plain text, cleartext