Known-plaintext attack
A known-plaintext attack uses one or more matching plaintext and ciphertext samples to learn about a key or encryption process.
Definition
In a known-plaintext attack, the analyst possesses ciphertext and knows the corresponding plaintext for part or all of one or more messages. The goal may be to recover the key, infer internal structure, or decrypt other ciphertext protected under related conditions.
Where known plaintext comes from
File headers, protocol fields, standard greetings, predictable templates, and previously disclosed messages can provide pairs. A known-plaintext attack does not mean the attacker chose the input; that stronger capability belongs to a chosen-plaintext attack.
Resistance
Classical substitution and poorly designed reused keystream systems may reveal mappings quickly. Modern encryption is expected to remain secure even with many known pairs. Random nonces and authenticated, reviewed schemes prevent repeated samples from exposing the key.
Not for a secure modern cipher. It may reveal weak classical mappings or implementation mistakes, but key recovery is not automatic.
A probable word is a crib, not confirmed known plaintext, although it can be tested as a hypothesis.
Known-plaintext attackers observe existing pairs; chosen-plaintext attackers can request encryption of inputs they select.