RNG for Padding

Steven M. Bellovin smb at cs.columbia.edu
Sat Mar 15 18:30:18 EDT 2008


On Fri, 7 Mar 2008 15:04:49 +0100
COMINT <comint at gmail.com> wrote:

> Hi,
> 
> This may be out of the remit of the list, if so a pointer to a more
> appropriate forum would be welcome.
> 
> In Applied Crypto, the use of padding for CBC encryption is suggested
> to be met by ending the data block with a 1 and then all 0s to the end
> of the block size.
> 
> Is this not introducing a risk as you are essentially introducing a
> large amount of guessable plaintext into the ciphertext?
> 
> Is it not wiser to use RNG data as the padding, and using some kind of
> embedded packet size header to tell the system what is padding?
> 
Maybe -- but you probably have enough guessable plaintext elsewhere
that a bit more simply doesn't matter much.  See, for example, my 1997
paper "Probable Plaintext Cryptanalysis of the IP Security Protocols,"
http://www.cs.columbia.edu/~smb/papers/probtxt.pdf


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
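
The two padding schemes compared in the thread, as an added example that is not part of the original post and not code from either correspondent. Assumptions: a 16-byte block, byte-aligned data (so the "1 then all 0s" marker is the byte 0x80), a 4-byte big-endian length header for the random-padding variant, and hypothetical function names.

```python
import secrets
import struct

BLOCK = 16                      # assumed cipher block size in bytes
HEADER = struct.Struct(">I")    # assumed 4-byte big-endian length header


def pad_one_zeros(data: bytes, block: int = BLOCK) -> bytes:
    """Fixed padding: a 1 bit (byte 0x80), then 0 bits to the block boundary."""
    fill = block - (len(data) % block)   # 1..block, so a marker is always present
    return data + b"\x80" + b"\x00" * (fill - 1)


def unpad_one_zeros(padded: bytes, block: int = BLOCK) -> bytes:
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    body = padded.rstrip(b"\x00")        # stops at the 0x80 marker
    if not body.endswith(b"\x80") or len(padded) - len(body) >= block:
        raise ValueError("bad padding")
    return body[:-1]


def pad_random(data: bytes, block: int = BLOCK) -> bytes:
    """Random padding: length header, data, then CSPRNG bytes to the boundary."""
    framed = HEADER.pack(len(data)) + data   # the header is itself structured plaintext
    return framed + secrets.token_bytes(-len(framed) % block)


def unpad_random(padded: bytes, block: int = BLOCK) -> bytes:
    if len(padded) < HEADER.size or len(padded) % block:
        raise ValueError("length is not a valid multiple of the block size")
    (n,) = HEADER.unpack_from(padded)
    spare = len(padded) - HEADER.size - n    # bytes claimed to be padding
    if spare < 0 or spare >= block:
        raise ValueError("length header inconsistent with padded size")
    return padded[HEADER.size:HEADER.size + n]


if __name__ == "__main__":
    msg = b"attack at dawn"                  # constructed sample input
    print(pad_one_zeros(msg).hex())          # same output on every run
    print(pad_random(msg).hex())             # trailing bytes differ on every run
```

Neither function encrypts or authenticates anything; both produce the block-aligned buffer that would then be handed to CBC encryption.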