During World War II, British cryptanalyst John Tiltman accomplished this with the Lorenz cipher (dubbed "Tunny").
Another situation where recovery is trivial is if traffic-flow security measures have each station sending a continuous stream of cipher bits, with null characters (e.g. LTRS in Baudot) being sent when there is no real traffic.
This is done in several common systems that use the popular stream cipher RC4, including Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA) and Ciphersaber.
Bit-flipping attacks can be prevented by including message authentication code to increase the likelihood that tampering will be detected.
Stream ciphers combine a secret key with an agreed initialization vector (IV) to produce a pseudo-random sequence which from time-to-time is re-synchronized.
Typically multiple pairs of IV are chosen and differences in generated key-streams are then analysed statistically for a linear correlation and/or an algebraic Boolean relation (see also Differential cryptanalysis).
If choosing particular values of the initialization vector does expose a non-random pattern in the generated sequence, then this attack computes some bits and thus shortens the effective key length.