In cryptography, padding is the practice of adding material of varying length to the plaintext of messages. The padding is supposed to be discarded before the plaintext is delivered to the recipient. Historically, padding was used to make cryptanalysis more difficult. It has been practiced for many hundreds of years, but is now used for more technical reasons with block ciphers, cryptographic hashes and public key cryptography. Cryptography has had a long and colourful history. ... The plain text term has shit a different meaning. ... Cryptanalysis (from the Greek kryptós, hidden, and analýein, to loosen or to untie) is the study of methods for obtaining the meaning of encrypted information without access to the secret information which is normally required to do so. ... In cryptography, a block cipher is a symmetric key cipher which operates on fixed-length groups of bits, termed blocks, with an unvarying transformation. ... In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ... Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key, by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically. ...

Past uses

Official messages often start and end in predictable ways: My dear ambassador, Weather report, Sincerely yours, etc. The primary use of padding with classical ciphers is to prevent the cryptanalyst from using that predictability to find cribs that aid in breaking the encryption. Random length padding also prevents an attacker from knowing the exact length of the plaintext message. In cryptography, a classical cipher is a type of cipher used historically but which now have fallen, for the most part, into disuse. ... In cryptanalysis, a crib is a sample of known plaintext; the term originated at Bletchley Park, the British codebreaking operation during World War II (WWII). ...

Many classical ciphers arrange the plaintext into particular patterns (e.g., squares, rectangles, etc) and if the plaintext doesn't exactly fit, it is often necessary to supply additional letters to fill out the pattern. Using nonsense letters for this purpose has a side benefit of making some kinds of cryptanalysis more difficult.

Modern usage

When using block ciphers, plaintext data is handled one block at a time; typical block sizes are 64 bits (as in DES) and 128 bits (AES). Plaintext data rarely exactly fills the last block, so padding is required. One method is to fill out the last block with a 1 bit followed by zero bits. If the input happens to fill up an entire block, another block is added to accommodate the padding; otherwise, the end of the input plaintext might be misinterpreted as padding. Ciphertext stealing is an alternative. Likewise, the inner workings of cryptographic hash functions process input in blocks and thus require padding. This article is about the DES encryption algorithm. ... This article is about the block cipher. ... In cryptography, ciphertext stealing is a variation of Cipher Block Chaining (CBC) that does not require any padding, at the cost of significantly increased complexity. ... In cryptography, a cryptographic hash function is a hash function with certain additional security properties to make it suitable for use as a primitive in various information security applications, such as authentication and message integrity. ...

Public key cryptosystems like RSA usually treat plaintext as a single large number in a formula. Such numbers often have to have certain mathematical properties to avoid compromising the security of the cryptosystem, such as being even, lying within a certain range of numbers, or not being greater than 1. Standard padding schemes such as PKCS ensure that all possible plaintexts can be turned into appropriate numbers for encryption. Public key cryptography is a form of cryptography which generally allows users to communicate securely without having prior access to a shared secret key, by using a pair of cryptographic keys, designated as public key and private key, which are related mathematically. ... In cryptography, RSA is an algorithm for public key encryption. ... In cryptography, PKCS refers to a group of Public Key Cryptography Standards devised and published by RSA laboratories in California. ...

A sort of padding more akin to its historical uses has been suggested by Ronald Rivest to entirely conceal the existence of a message within a larger data sequence. His term is 'chaffing and winnowing'. It is a form of steganography. Professor Ron Rivest Professor Ronald Linn Rivest (born 1947, Schenectady, New York) is a cryptographer, and is the Viterbi Professor of Computer Science at MITs Department of Electrical Engineering and Computer Science. ... Chaffing and winnowing is a cryptographic technique to achieve confidentiality without using encryption when sending data over an insecure channel; it was conceived by Ron Rivest. ... Steganography is the art and science of writing hidden messages in such a way that no one apart from the intended recipient knows of the existence of the message; this is in contrast to cryptography, where the existence of the message itself is not disguised, but the meaning is obscured. ...

Padding can also be used to prevent certain stream cipher attacks and deny an adversary knowledge of the plaintext length (by varying the amount of padding used). Stream ciphers where plaintext bits are combined with a cipher bit stream by an exclusive-or operation (xor) can be very secure if used properly. ...

A famous example

At the Battle of Leyte Gulf in WWII, the Japanese Navy planned to attack the landings, but wished to do so only after drawing away the US Navy's covering (aircraft carrier) Task Force 34. They managed to attract Admiral Halsey's attention (by dangling most of their remaining large ships, including carriers, as bait), and he went after them. The remaining Japanese forces carried out several attacks on the landing operation off Samar, and an encrypted message was radioed to Halsey from Admiral Nimitz (the Pacific Fleet Commander). The message itself included both initial and trailing padding. The radioman who did the encryption added the padding from an approved list, just as he had been trained to do. It was not excised by the receiving operator who was not completely certain it was not part of the message. The Battle of Leyte Gulf was a naval battle of the Pacific Campaign of World War II, fought in the seas around the island of Leyte in the Philippines from 23 October to 26 October 1944. ... German soldiers at the Battle of Stalingrad World War II was the most extensive and costly armed conflict in the history of the world, involving the great majority of the worlds nations, being fought simultaneously in several major theatres, and costing tens of millions of lives. ... The Imperial Japanese Navy (IJN) (大日本帝國海軍 Dai-Nippon Teikoku Kaigun or 日本海軍 Nippon Kaigun) was the navy of Japan before 1945. ... An aircraft carrier is a warship whose main role is to deploy and recover aircraft—in effect acting as a sea-going airbase. ... William Bull Halsey William Frederick Bull Halsey, Jr. ... Samar is an island in the Visayas, which is in the central Philippines. ... Chester Nimitz Chester William Nimitz (February 24, 1885 _ February 20, 1966) was the Commander in Chief of Pacific Forces for the United States and Allied forces during World War II. He was the nations leading authority on submarines, as well as Chief of the Navy Bureau of Navigation...

The padding – added to the end of the plaintext, Where is repeat where is Task Force 34?, before encryption – was, 'the world wonders'. Halsey did not appreciate the (unintended) editorial comment on his decision to attempt to sink most of what was left of the Japanese Navy. The world wonders was padding added by a radioman to a US Navy message from Admiral Chester Nimitz to Admiral William Halsey, Jr. ...

See also

• Russian copulation, another technique to prevent cribs
• Initialisation vector, salt (cryptography), which are sometimes confused with padding