On Mon, May 07, 2001 at 09:23:50PM +0200, Oskar Sandberg wrote:
> > > * to pad data to a power of 2, you repeat the data
> > No. This lends an attack as well, since the attacker can try and assume
> > that several of the last blocks of the file are the same.
>
> Does that matter given that the mode we are using is rolling?
>
> I can see why just using nulls would be a little concerning since that
> would produce a next to unlimited set of known plain and ciphertexts (if I
> remember the mode right, something with all null would make each block
> just the last one encrypted) - but now I think you are getting overly
> paranoid...
This is my suggestion for how to pad the data:
First, make a digest from the bytes of the actual data.
H1 = the digest value
Then use the bytes of H1 to update the digest, and set
H2 = the new digest value
And in general,
Hn+1 = the digest value obtained after updating
the digest with the bytes of Hn
Then repeat the Hn according to this pattern, until enough bytes
are obtained to do the padding:
H1
H1 H2
H1 H2 H3
etc.
This will generate the padding without the need to perform thousands
of hashes, and I _think_ still confounding any analysis based on
repeating blocks, because of the feedback mode.
However, IANAC, so if that's not good enough, we can just do
H1H2H3H4H5 etc. and eat the processing time.
--
# tavin cole
#
# "The process of scientific discovery is, in effect,
# a continual flight from wonder."
# - Albert Einstein
_______________________________________________
Devl mailing list
Devl at freenetproject.org
http://lists.freenetproject.org/mailman/listinfo/devl
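The padding scheme proposed above (a running digest fed back on itself, then laid out as H1 | H1 H2 | H1 H2 H3 | ...) as an added Python example; this is not code from the original post or from Freenet. The message names no digest, so SHA-1 is an assumption here, the 2049-byte input is constructed, and the function names are the example's own. The block also builds the H1 H2 H3 ... fallback from the last paragraph so the two can be compared on the number of digests each needs and on how many of the padding blocks are repeats.

```python
import hashlib

HASH = "sha1"  # assumption: the post does not name a digest
DIGEST_LEN = hashlib.new(HASH).digest_size  # 20 bytes for SHA-1


def next_power_of_two(n):
    """Smallest power of two >= n (n itself if it already is one)."""
    return 1 if n <= 1 else 1 << (n - 1).bit_length()


def digest_chain(data, count):
    """Return [H1, ..., Hcount] where H1 = digest(data) and Hn+1 is the
    digest after the same running hash has also absorbed the bytes of Hn."""
    h = hashlib.new(HASH)
    h.update(data)
    chain = []
    for _ in range(count):
        d = h.digest()  # hashlib lets us read a digest and keep updating
        chain.append(d)
        h.update(d)     # feedback step: Hn+1 depends on Hn
    return chain


def triangular_rows_needed(pad_len):
    """Smallest r such that rows H1 | H1 H2 | ... | H1..Hr cover pad_len bytes
    (r(r+1)/2 blocks of DIGEST_LEN bytes)."""
    r = 0
    while r * (r + 1) // 2 * DIGEST_LEN < pad_len:
        r += 1
    return r


def triangular_padding(data, pad_len):
    """H1 | H1 H2 | H1 H2 H3 | ... cut to pad_len bytes.
    Returns (padding, number of digests computed)."""
    rows = triangular_rows_needed(pad_len)
    chain = digest_chain(data, rows)
    out = b"".join(b"".join(chain[:r]) for r in range(1, rows + 1))
    return out[:pad_len], rows


def linear_padding(data, pad_len):
    """The fallback from the post: H1 H2 H3 ... with one digest per block."""
    count = -(-pad_len // DIGEST_LEN)  # ceiling division
    chain = digest_chain(data, count)
    return b"".join(chain)[:pad_len], count


def pad_to_power_of_two(data, scheme=triangular_padding):
    """Pad data to the next power-of-two length with the chosen scheme.
    Returns (padded data, number of digests computed)."""
    target = next_power_of_two(len(data))
    padding, n = scheme(data, target - len(data))
    return data + padding, n


def distinct_blocks(padding):
    """(distinct full DIGEST_LEN-byte blocks, total full blocks) in a padding,
    i.e. how much of it is repeated material."""
    blocks = [padding[i:i + DIGEST_LEN]
              for i in range(0, len(padding) - DIGEST_LEN + 1, DIGEST_LEN)]
    return len(set(blocks)), len(blocks)


if __name__ == "__main__":
    data = bytes(range(256)) * 8 + b"\x01"  # constructed input, 2049 bytes -> 4096
    for name, scheme in (("triangular", triangular_padding), ("linear", linear_padding)):
        padded, n = pad_to_power_of_two(data, scheme)
        uniq, total = distinct_blocks(padded[len(data):])
        print(f"{name:10s} padded to {len(padded)} bytes using {n} digests; "
              f"{uniq} distinct blocks out of {total}")
```

For the constructed 2049-byte input the triangular layout needs 14 digests to produce 2047 bytes of padding, where the plain H1 H2 H3 ... layout needs 103; the price is that only 13 of the 102 full padding blocks are distinct, since H1 recurs at the start of every row. The digest chain is a running hash, so Hn+1 depends on both the data and every earlier Hn, which is the feedback the post relies on.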