[Cryptography] Availability of plaintext/ciphertext pairs (was Re: In the face of "cooperative" end-points, PFS doesn't help)

Perry E. Metzger perry at piermont.com
Wed Sep 11 13:47:58 EDT 2013

On Wed, 11 Sep 2013 06:49:45 +0200 Raphael Jacquot
<sxpert at sxpert.org> wrote:
> according to http://en.wikipedia.org/wiki/Padding_(cryptography) ,
> most protocols only talk about padding at the end of the cleartext
> before encryption. now, how about adding some random at the
> beginning of the cleartext, say, 2.5 times the block size, that is
> 40 bytes for the example above, of random stuff before the
> interesting text appears ?

The padding at the end is to make sure that you have a full block of
data for a block cipher, since your actual message will usually be
shorter than a full block. In symmetric systems, it is not per se a
security feature. (Asymmetric 

Adding padding at the front to prevent cryptanalysts from using cribs
(that is, known plaintext) seems useless to me. Even if the padding
was of random length, it is of necessity going to be short. If you
have a technique that depends on known plaintext, crib dragging (that
is, trying all of the small number of possibilities) is easy.

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list