Steven M. Bellovin
Sat, 15 Mar 2008 19:54:35 -0700
On Fri, 7 Mar 2008 15:04:49 +0100
COMINT <[EMAIL PROTECTED]> wrote:

> Hi,
>
> This may be out of the remit of the list, if so a pointer to a more
> appropriate forum would be welcome.
>
> In Applied Crypto, the use of padding for CBC encryption is suggested
> to be met by ending the data block with a 1 and then all 0s to the end
> of the block size.
>
> Is this not introducing a risk as you are essentially introducing a
> large amount of guessable plaintext into the ciphertext.
>
> Is it not wiser to use RNG data as the padding, and using some kind of
> embedded packet size header to tell the system what is padding?
>

Maybe -- but you probably have enough guessable plaintext elsewhere
that a bit more simply doesn't matter much.  See, for example, my 1997
paper "Probable Plaintext Cryptanalysis of the IP Security Protocols,"
http://www.cs.columbia.edu/~smb/papers/probtxt.pdf

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
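
The two padding schemes discussed in this thread, as an added example that is not part of either message: the "1 then all 0s" padding and the random-fill alternative with an embedded length header, each with a strict removal routine. The 16-byte block size, the 4-byte big-endian header and all function names are assumptions; the thread specifies none of them, and no cipher is included because padding is applied to the plaintext before CBC encryption.

```python
import os

BLOCK = 16  # assumed block size in bytes; the thread names no cipher

def pad_one_zeros(data: bytes, block: int = BLOCK) -> bytes:
    """Scheme from the question: a single 1 bit (byte 0x80), then 0s to the block end."""
    fill = block - len(data) % block  # 1..block bytes, so the marker is always present
    return data + b"\x80" + b"\x00" * (fill - 1)

def unpad_one_zeros(padded: bytes, block: int = BLOCK) -> bytes:
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    body = padded.rstrip(b"\x00")
    # The 0x80 marker must exist and must sit inside the final block.
    if not body.endswith(b"\x80") or len(padded) - len(body) >= block:
        raise ValueError("bad padding")
    return body[:-1]

def pad_random(data: bytes, block: int = BLOCK) -> bytes:
    """Alternative from the question: length header, data, then random fill."""
    framed = len(data).to_bytes(4, "big") + data  # assumed 4-byte big-endian header
    return framed + os.urandom(-len(framed) % block)

def unpad_random(padded: bytes, block: int = BLOCK) -> bytes:
    if len(padded) < 4 or len(padded) % block:
        raise ValueError("length is not a valid multiple of the block size")
    n = int.from_bytes(padded[:4], "big")
    fill = len(padded) - 4 - n
    # The fill must be shorter than one block, otherwise the header is wrong.
    if fill < 0 or fill >= block:
        raise ValueError("length header inconsistent with message size")
    return padded[4:4 + n]

if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input, not from the thread
    for pad, unpad in ((pad_one_zeros, unpad_one_zeros), (pad_random, unpad_random)):
        p = pad(msg)
        print(pad.__name__, len(p), p.hex(), unpad(p) == msg)
```

Neither routine authenticates anything: both only make the padding removable without ambiguity.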