Plaintext in Cryptography

What is plaintext?

In cryptography, plaintext is usually ordinary readable text before it is encrypted into ciphertext, or readable text after it has been decrypted.

Data input to or output from encryption algorithms is not always plaintext. For example, when data is super encrypted or encrypted using different encryption algorithms more than once, only the input to the first encryption method is considered plaintext.

Plaintext vs. cleartext vs. ciphertext: What are the differences?

Plaintext and ciphertext go together like water and ice: One can be converted to the other and back again, with no change to the inherent composition of the useable form. But there is also cleartext, which is not necessarily the same as plaintext.

Binary files are not usually considered plaintext, because they are not human-readable — but they are still accessible to end users. Examples of non-plaintext binary files include the following:

  • executable program files;
  • rich media files, including images, video, and audio recordings; and
  • data files generated by applications like spreadsheets, databases, and word processors, which may be partially or wholly stored as binary data.

In Request for Comments (RFC) 4949, “Internet Security Glossary, Version 2,” the Internet Engineering Task Force differentiates between plaintext and cleartext, noting that the two terms are not interchangeable. For internet security, cleartext data is not encrypted, while plaintext data could be encrypted if it is super encrypted.

According to the National Institute of Standards and Technology (NIST), plaintext refers to “intelligible data that has meaning and can be understood without the application of decryption.” However, this is one of several definitions NIST recognizes — including the IETF definition.

This table shows the differences between the three types of cryptography text -- plaintext, cleartext and ciphertext.

What are examples of plaintext?

For most applications, plaintext is preferred. For example, a browser, word processor, or email client should display plaintext. However, network protocols used in the early internet sometimes exchanged user ID and password pairs in plaintext. This is not good security practice because it exposes user credentials for systems accessed remotely over a public network like the Internet. The open-source Mimikatz cybersecurity tool is designed to sniff open networks for plaintext user credentials, among other functions.

Other examples where using a protocol or application that does not encrypt user ID and password exposes credentials include the following:

  • The Password Authentication Protocol described a two-way handshake authentication exchange protocol, but it had no provision for encrypting credentials.
  • Plaintext passwords written in application configuration files expose those credentials. Less commonly, developers leave plaintext passwords in their source code, exposing those credentials.
  • Passwords in PowerShell scripts. Developers must take precautions to avoid exposing passwords in their scripts.
  • Sharing secret or private keys in email clients is a common situation when using encryption and decryption. Protocols and applications using shared secrets for authentication should always be designed and configured to encrypt shared keys, and early internet protocols were not always designed to do so. For example, the Internet Mail Access Protocol (IMAP) is an email client protocol for retrieving and managing email messages. IMAP originated in the 1980s, and legacy deployments did not always require encryption for credentials.

Cyber attacks commonly target resources stored in plaintext. Many attacks succeed by uncovering files that hold passwords or other sensitive information in plaintext rather than in encrypted form.
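
An audit check for the configuration-file and PowerShell-script cases listed above, as an added example that is not part of the original article: it flags secret-looking keys set to a literal value and skips values that only reference a secret stored elsewhere. The key-name list, the reference patterns, and the sample input are assumptions constructed for illustration.

```python
import re

# Key names that usually hold a secret (assumed list for this example).
KEY = r"[\w.$-]*(?:password|passwd|pwd|secret|api[_-]?key|token)[\w.-]*"
ASSIGN = re.compile(rf"(?i)({KEY})\s*[:=]\s*(\S.*)$")

# Values that point at a secret kept elsewhere instead of containing it.
REFERENCE = re.compile(r"""(?ix)^["']?(?:
      \$\{[^}]+\}                     # ${VAR} substitution
    | \$env:\w+                       # PowerShell environment variable
    | \{\{.*\}\}                      # template variable
    | os\.environ\b.*                 # Python environment lookup
    | Read-Host\b.*-AsSecureString.*  # PowerShell interactive prompt
    | ENC\(.*\)                       # encrypted-property wrapper
    )["']?$""")

# A literal converted to a SecureString is still plaintext inside the script.
PS_LITERAL = re.compile(
    r"""(?i)ConvertTo-SecureString\s+(?:-String\s+)?["'][^"']+["'].*-AsPlainText""")

def find_plaintext_secrets(text):
    """Return (line_no, key) per finding; the secret value is never echoed."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "//", ";")):
            continue  # blank line or comment
        if PS_LITERAL.search(stripped):
            findings.append((no, "ConvertTo-SecureString -AsPlainText"))
            continue
        m = ASSIGN.search(stripped)
        if m and not REFERENCE.match(m.group(2).strip().rstrip(";,")):
            findings.append((no, m.group(1)))
    return findings

# Constructed sample: an INI/YAML-style fragment followed by PowerShell lines.
SAMPLE = '''\
# constructed sample, not taken from a real system
db_user = report
db_password = Winter2021!
smtp_password = ${SMTP_PASSWORD}
api_key: "{{ vault_api_key }}"
$secure = ConvertTo-SecureString "Winter2021!" -AsPlainText -Force
$dbPassword = Read-Host "DB password" -AsSecureString
$token = $env:SERVICE_TOKEN
'''

if __name__ == "__main__":
    for line_no, key in find_plaintext_secrets(SAMPLE):
        print(f"line {line_no}: plaintext value for {key}")
```

The report names only the line and the key, so the audit output does not become another plaintext copy of the credential.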

Often, plaintext is preferred for the content in question. For example, plaintext emails are messages that contain only text. Promotional email campaigns often use plaintext messages to avoid strict spam-filtering systems that tend to block messages that are HyperText Markup Language-encoded or that add other binary components.

There’s a little-known middle ground between ciphertext and plaintext that helps retain the ability to process metadata from encrypted data. Find out why, sometimes, format-preserving encryption could be a good fit.

This was last updated in November 2021

