RNG for Padding
Hal Finney
hal at finney.org
Sun Mar 16 21:33:19 EDT 2008
Mr Pink writes:
> In Applied Crypto, the use of padding for CBC encryption is suggested
> to be met by ending the data block with a 1 and then all 0s to the end
> of the block size.
>
> Is this not introducing a risk as you are essentially introducing a
> large amount of guessable plaintext into the ciphertext.
>
> Is it not wiser to use RNG data as the padding, and using some kind of
> embedded packet size header to tell the system what is padding?
Back in 2001, there was a discussion of the general issue of altering data
structures to avoid known plaintext on sci.crypt, under the subject of
"Known Plaintext Considered Harmless". A surprising diversity of opinions
were expressed.
http://groups.google.com/group/sci.crypt/browse_thread/thread/f1aae3a2d10dbcd4?tvc=2&q=known+plaintext+considered+harmless
Hal Finney
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list