Why do we have to always attach a 16x 0x10 pad even though the last block is already at block-length?
Asked
Active
Viewed 3,722 times
1 Answers
8
You are talking about the PKCS#7 padding. There is a simple reason; assume that when the last block is full and you don't apply the padding before encryption and then send the message.
When decrypting, the receiver needs to see a padding pattern to remove the padding. What if the last byte is 01 of the message? is it padding or the message itself? Similarly with low probability same if the last bytes are 0202, and so on.
Instead of this, padding with 10 for an additional extra plaintext block solves the problem.
There are no reasons to perform this particular kind of padding if the plaintext size is known in advance. It may also not be required if the size of the plaintext can be determined by other means. For instance, ASCII encoded text will generally not contain a byte set to zero, so zero-byte padding may be used if the text is not a multiple of the block size. PKCS#7 padding can however always be removed deterministically, independently of the contents of the message.
Many modes, especially streaming modes such as the popular CTR (counter) mode and derivatives - such as the authenticated GCM mode - do not require padding at all; they operate on plaintext bytes rather than plaintext blocks.
Maarten Bodewes
- 96,351
- 14
- 169
- 323
kelalaka
- 49,797
- 12
- 123
- 211