[147031] in cryptography@c2.net mail archive


Re: [Cryptography] Availability of plaintext/ciphertext pairs (was

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Wed Sep 11 13:48:04 2013

X-Original-To: cryptography@metzdowd.com
Date: Wed, 11 Sep 2013 13:47:58 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: Raphael Jacquot <sxpert@sxpert.org>
In-Reply-To: <FF6D0583-5234-4B90-B3A7-74C171453D71@sxpert.org>
Cc: "cryptography@metzdowd.com" <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Wed, 11 Sep 2013 06:49:45 +0200 Raphael Jacquot
<sxpert@sxpert.org> wrote:
> according to http://en.wikipedia.org/wiki/Padding_(cryptography) ,
> most protocols only talk about padding at the end of the cleartext
> before encryption. now, how about adding some random at the
> beginning of the cleartext, say, 2.5 times the block size, that is
> 40 bytes for the example above, of random stuff before the
> interesting text appears ?

The padding at the end is to make sure that you have a full block of
data for a block cipher, since your actual message will usually be
shorter than a full block. In symmetric systems, it is not per se a
security feature. (Asymmetric 

Adding padding at the front to prevent cryptanalysts from using cribs
(that is, known plaintext) seems useless to me. Even if the padding
was of random length, it is of necessity going to be short. If you
have a technique that depends on known plaintext, crib dragging (that
is, trying all of the small number of possibilities) is easy.


Perry
-- 
Perry E. Metzger		perry@piermont.com
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
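
Added example (not part of the original message): a sketch of why a short random prefix adds at most MAX_PAD + 1 guesses to a technique that needs known plaintext. The repeating-XOR toy cipher, the crib, the key length and all names are assumptions chosen for illustration; the toy cipher only stands in for "a technique that depends on known plaintext".

```python
import random

KEY_LEN = 8    # toy cipher: repeating 8-byte XOR key (illustrative stand-in)
MAX_PAD = 40   # upper bound on the random prefix, as in the quoted proposal
CRIB = b"GET /index.html HTTP/1.1\r\n"   # constructed known plaintext

def toy_encrypt(key, plaintext):
    return bytes(b ^ key[i % KEY_LEN] for i, b in enumerate(plaintext))

def send(key, message, rng):
    """Sender prepends 0..MAX_PAD random bytes, then encrypts."""
    pad_len = rng.randint(0, MAX_PAD)
    prefix = bytes(rng.randrange(256) for _ in range(pad_len))
    return pad_len, toy_encrypt(key, prefix + message)

def drag_crib(ciphertext, crib=CRIB):
    """Try the crib at each possible offset; return (offset, key, tries)."""
    for tries, off in enumerate(range(MAX_PAD + 1), start=1):
        window = ciphertext[off:off + len(crib)]
        if len(window) < len(crib):
            break
        # Derive a candidate key from the first KEY_LEN crib bytes.
        key = [0] * KEY_LEN
        for j in range(KEY_LEN):
            key[(off + j) % KEY_LEN] = window[j] ^ crib[j]
        # The rest of the crib must decrypt consistently under that key.
        if all(window[j] ^ key[(off + j) % KEY_LEN] == crib[j]
               for j in range(KEY_LEN, len(crib))):
            return off, bytes(key), tries
    return None

def demo(seed=2013):
    rng = random.Random(seed)
    key = bytes(rng.randrange(256) for _ in range(KEY_LEN))
    message = CRIB + b"Host: example.test\r\n\r\n"   # constructed message
    pad_len, ct = send(key, message, rng)
    off, found, tries = drag_crib(ct)
    return pad_len, off, found == key, tries

if __name__ == "__main__":
    print(demo())   # (actual pad length, recovered offset, key matches, tries)
```

The work added by the prefix is the number of offsets tried, which is bounded by the maximum prefix length and does not depend on the key.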
