[117484] in cryptography@c2.net mail archive
Re: RNG for Padding
daemon@ATHENA.MIT.EDU ("Hal Finney")
Tue Mar 18 13:59:47 2008
To: comint@gmail.com, cryptography@metzdowd.com
Date: Sun, 16 Mar 2008 17:33:19 -0800 (PST)
From: hal@finney.org ("Hal Finney")
Mr Pink writes:
> In Applied Crypto, the use of padding for CBC encryption is suggested
> to be met by ending the data block with a 1 and then all 0s to the end
> of the block size.
>
> Is this not introducing a risk as you are essentially introducing a
> large amount of guessable plaintext into the ciphertext.
>
> Is it not wiser to use RNG data as the padding, and using some kind of
> embedded packet size header to tell the system what is padding?
Back in 2001, there was a discussion of the general issue of altering data
structures to avoid known plaintext on sci.crypt, under the subject of
"Known Plaintext Considered Harmless". A surprising diversity of opinions
were expressed.
http://groups.google.com/group/sci.crypt/browse_thread/thread/f1aae3a2d10dbcd4?tvc=2&q=known+plaintext+considered+harmless
Hal Finney
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com