RNG for Padding
Steven M. Bellovin
smb at cs.columbia.edu
Sat Mar 15 18:30:18 EDT 2008
On Fri, 7 Mar 2008 15:04:49 +0100
COMINT <comint at gmail.com> wrote:
> Hi,
>
> This may be out of the remit of the list, if so a pointer to a more
> appropriate forum would be welcome.
>
> In Applied Crypto, the use of padding for CBC encryption is suggested
> to be met by ending the data block with a 1 and then all 0s to the end
> of the block size.
>
> Is this not introducing a risk as you are essentially introducing a
> large amount of guessable plaintext into the ciphertext?
>
> Is it not wiser to use RNG data as the padding, and using some kind of
> embedded packet size header to tell the system what is padding?
>
Maybe -- but you probably have enough guessable plaintext elsewhere
that a bit more simply doesn't matter much. See, for example, my 1997
paper "Probable Plaintext Cryptanalysis of the IP Security Protocols,"
http://www.cs.columbia.edu/~smb/papers/probtxt.pdf
--Steve Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
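
The two padding layouts discussed in this thread, side by side, as an added example that is not part of either post. The 16-byte block size, the 2-byte length header, and all function names are assumptions made for illustration; no cipher is applied, only the plaintext layout before CBC encryption is shown.

```python
import secrets
import struct

BLOCK = 16  # assumed cipher block size in bytes


def pad_one_zeros(data: bytes, block: int = BLOCK) -> bytes:
    """Byte-level form of "a 1 and then all 0s": 0x80, then 0x00 to the block end."""
    pad_len = block - (len(data) % block)  # 1..block, so padding is never empty
    return data + b"\x80" + b"\x00" * (pad_len - 1)


def unpad_one_zeros(padded: bytes, block: int = BLOCK) -> bytes:
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    stripped = padded.rstrip(b"\x00")
    # The 0x80 marker must exist and must lie inside the final block.
    if not stripped.endswith(b"\x80") or len(padded) - len(stripped) >= block:
        raise ValueError("bad padding")
    return stripped[:-1]


def pad_random(data: bytes, block: int = BLOCK) -> bytes:
    """Length header (2 bytes, big-endian), the data, then random fill bytes."""
    if len(data) > 0xFFFF:
        raise ValueError("data too long for a 2-byte length header")
    body = struct.pack(">H", len(data)) + data
    fill = -len(body) % block  # 0..block-1 random bytes
    return body + secrets.token_bytes(fill)


def unpad_random(padded: bytes, block: int = BLOCK) -> bytes:
    if len(padded) < 2 or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    (n,) = struct.unpack(">H", padded[:2])
    fill = len(padded) - 2 - n
    if not 0 <= fill < block:
        raise ValueError("length header inconsistent with message size")
    return padded[2:2 + n]


if __name__ == "__main__":
    msg = b"hello"  # constructed sample input
    print(pad_one_zeros(msg).hex())  # tail is fixed: 80 00 00 ...
    print(pad_random(msg).hex())     # tail differs on every call
    print(pad_random(msg).hex())
```

With the random layout the fill bytes are unpredictable, but the length header is still a value anyone who knows the message length can predict.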