Re: block encryption algorithm padding from Tom Gindin on 2002-04-16 (xml-encryption@w3.org from April 2002)

From: Tom Gindin <tgindin@us.ibm.com>
Date: Tue, 16 Apr 2002 11:18:56 -0400
To: Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>
Cc: xml-encryption@w3.org
Message-ID: <OF2A3B42AE.4DD469B3-ON85256B9D.0053F6F3@pok.ibm.com>

      Christian:

      That's PKCS#5 padding, not PKCS#7 padding.  AFAIK, there's no such
thing as PKCS#7 padding.  Obviously, X.923 padding and PKCS#5 padding have
the same entropy issues.

            Tom Gindin


Christian Geuer-Pollmann <geuer-pollmann@nue.et-inf.uni-siegen.de>@w3.org
on 04/16/2002 09:36:02 AM

Sent by:    xml-encryption-request@w3.org


To:    xml-encryption@w3.org
cc:
Subject:    Re: block encryption algorithm padding


Just to have a way to name padding mechanisms, here are some examples:

blocklength = 8
datalength = 9
number of pad octets = 7
data=FF FF FF FF FF FF FF FF FF

DATA              FF FF FF FF FF FF FF FF FF
X923Padding       FF FF FF FF FF FF FF FF FF 00 00 00 00 00 00 07
PKCS7Padding      FF FF FF FF FF FF FF FF FF 07 07 07 07 07 07 07
ISO10126d2Padding FF FF FF FF FF FF FF FF FF 7D 2A 75 EF F8 EF 07

X.923 defines to fill the octets before the length with zeroes
PKCS defines to fill the octets before the length with the length value
ISO 10126 D2 defines to fill the octets before the length with random data


Christian

Received on Tuesday, 16 April 2002 11:19:36 UTC