[Cryptography Team] Re: block-based cipher padding

Chris Muller chris at funkyobjects.org
Tue Jul 11 02:29:45 UTC 2006


Hi Ron,

To communicate with external systems you will have to know the
exact padding scheme they use.  Different systems may use different
padding schemes so it may be a good idea to factor our padding behavior
into some sort of pluggable scheme so we can accommodate varying systems
more easily.

I implemented scheme #2 on page 68 of "Practical Cryptography".  It is
very simple and I believe I implemented it correctly (test case), so
the difference in the test results is probably due to your test using a
different padding scheme.

In that section of the book the authors say, "Either padding scheme
works just fine.  There are no cryptographic ramifications to padding. 
Any padding scheme is acceptable, as long as it is reversible.  The two
we gave are just the simplest ones."  Simple is nice.

We can't turn off padding (although streaming modes like the suggested
CTR mode don't need it), but pluggable padding schemes seem like a
fine solution to me.  Try to keep it simple!  :)

Regards,
  Chris

--- Ron Teitelbaum <Ron at USMedRec.com> wrote:

> Hi Chris,
>
> I've finally figured out what was going wrong with some of my CBC
> tests.  I have some more questions about padding.
>
> The test:
>
>     Case #3: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
>     Key       : 0x6c3ea0477630ce21a2ce334aa746c2cd
>     IV        : 0xc782dc4c098c66cbd9cd27d825682c81
>     Plaintext : This is a 48-byte message (exactly 3 AES blocks)
>     Ciphertext: 0xd0a02b3836451753d493665d33f0e886
>                   2dea54cdb293abc7506939276772f8d5
>                   021c19216bad525c8579695d83ba2684
>
> Is returning the value:
> 'D0A02B3836451753D493665D33F0E8862DEA54CDB293ABC7506939276772F8D5021C19216BAD525C8579695D83BA2684D248B3E0F2388C137102846EB06272FF'
> which is correct except for the padding.  Since we are using the
> padding and it will be removed in our system should this be
> considered a passing test?
>
> My guess is yes but if we send these encrypted values to other
> systems will they know how to un-pad and decrypt the cipherText?  In
> other words, how widely adopted is Schneier's and Ferguson's padding
> suggestion?  Should we enable a switch to allow developers to turn
> this off?
>
> Ron Teitelbaum
> President / Principal Software Developer
> US Medical Record Specialists
> Ron at USMedRec.com
> Squeak Cryptography Team Leader
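
Added example (not part of the original messages and not the Squeak Cryptography team's code): a Python sketch of the pluggable padding idea, showing why the 48-byte test plaintext yields four cipher blocks and why both sides must agree on the scheme. It assumes scheme #2 is "append n bytes of value n" (the PKCS#7 rule) and scheme #1 is "append 0x80 then zeros"; all class and function names are hypothetical.

```python
BLOCK = 16  # AES block size in bytes


class PadCountBytes:
    """Append n bytes of value n, 1 <= n <= block (assumed to be scheme #2)."""

    def pad(self, data, block=BLOCK):
        n = block - len(data) % block  # a full extra block when already aligned
        return data + bytes([n]) * n

    def unpad(self, data, block=BLOCK):
        if not data or len(data) % block:
            raise ValueError("length is not a positive multiple of the block size")
        n = data[-1]
        if not 1 <= n <= block or data[-n:] != bytes([n]) * n:
            raise ValueError("invalid padding")
        return data[:-n]


class PadMarkerZeros:
    """Append 0x80, then zeros up to the block boundary (assumed scheme #1)."""

    def pad(self, data, block=BLOCK):
        return data + b"\x80" + b"\x00" * (-(len(data) + 1) % block)

    def unpad(self, data, block=BLOCK):
        if not data or len(data) % block:
            raise ValueError("length is not a positive multiple of the block size")
        body = data.rstrip(b"\x00")
        if not body.endswith(b"\x80") or len(data) - len(body) >= block:
            raise ValueError("invalid padding")
        return body[:-1]


def padded_blocks(scheme, plaintext, block=BLOCK):
    """Number of cipher blocks the plaintext occupies once padded."""
    return len(scheme.pad(plaintext, block)) // block


def can_unpad(sender, receiver, plaintext):
    """True if the receiver's scheme recovers what the sender's scheme padded."""
    try:
        return receiver.unpad(sender.pad(plaintext)) == plaintext
    except ValueError:
        return False


# Plaintext of test case #3 as quoted in the thread: exactly 3 AES blocks.
MESSAGE = b"This is a 48-byte message (exactly 3 AES blocks)"
```

Because a reversible scheme must always add at least one byte, a block-aligned plaintext gains a whole padding block, which is the fourth block in the value Ron's test returned.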


