Module sodiumoxide::padding [−][src]
Expand description
Cryptographic padding routines
Most modern cryptographic constructions disclose message lengths. The ciphertext for a given message will always have the same length, or add a constant number of bytes to it. For most applications, this is not an issue. But in some specific situations, such as interactive remote shells, hiding the length may be desirable. Padding can be used for that purpose.
Algorithm These functions use the ISO/IEC 7816-4 padding algorithm. It supports arbitrary block sizes, ensures that the padding data are checked for computing the unpadded length, and is more resistant to some classes of attacks than other standard padding algorithms.
Notes Padding should be applied prior to encryption, and removed after decryption. Usage of
padding in order to hide the length of a password is not recommended. A client willing to send a
password to a server should hash it instead (even with a single iteration of the hash function).
This ensures that the length of the transmitted data is constant, and that the server doesn’t
effortlessly get a copy of the password. Applications may eventually leak the unpadded length
via side channels, but the sodium_pad() and sodium_unpad() functions themselves try to minimize
side channels for a given length &
Functions
pad | The |
unpad | The |