I think a completely known-plaintext attack would not impress the masses. Consider how often crypto illiterate programmers implement ciphers (such as Vigenere variants) which are obviously vulnerable to known-plaintext attacks. The idea seems to be that if you know the plaintext, what do you need the key for? _We_ may know better, but I think we are in the minority.
You have got to be kidding! Where are you getting this "idea" from? Since when is recovering the plaintext following and preceeding the known plaintext not of _any_ interest? In regards to known ciphertext. Can't you just calculate the time required to successfuly perform known ciphertext only attack from the time to successfuly break known plaintext? I agree with earlier posters. I am glad RSA putting up some real money for this and as such I respect their design of the contest. What I am curious about is wether the chaining mode will be "given" as part of the contest, but I'll gladly wait till AFTER Peter is done with his program to get an answer. Regards, Bernie Doehner