[Cryptography] Low grade randomness for padding.

Kristian Gjøsteen kristian.gjosteen at ntnu.no
Thu Feb 11 07:50:35 EST 2021

9. feb. 2021 kl. 23:22 skrev Jon Callas <jon at callas.org>:
> I would do zeros. It minimizes all sorts of issues, starting with side channels, going through covert channels etc. (remember when people stressed out over DSA covert channels?) as well as other things like the inevitable subtle error of the random stuff being interpreted and not being able to actually test the bizarre behavior after the fact.

I want to emphasise padding with zeros as the obviously correct answer.

If padding with zero gives you a problem, padding with zero is not your actual problem.

Kristian Gjøsteen

More information about the cryptography mailing list