On 9/25/2019 at 5:04 AM, "Justus Winter" <justuswinter(_at_)gmail(_dot_)com>
wrote:
There is a correlation between the size of the encrypted message
and the size of the plaintext. On first sight, compression helps with
that, but that makes the size dependent on the entropy of the
plaintext, which also leads to problems as discussed previously.
Padding alleviates this problem, the tradeoff being an increased
message size.
=====
It really doesn't matter once the message is past a certain length.
Whatever correlation there might be with the plaintext and message size,
once the message is long enough, attackers can't do more than speculate about
the plaintext content.
For very short messages,
it's enough if the sender just presses the spacebar at the end of the message
until the plaintext is the desired size.
(And even then, only if the sender feels that there might be some vulnerability
with the size of the plaintext, which is usually not the case. )
In any event, it's enough if there is a cautionary note in the rfc about the
correlation between plaintext size and encryption, and suggest, that if this is
an issue for the sender and receiver, then a workaround could be to simply add
some padding at the end which doesn't interfere or obscure the content of the
plaintext.
vedaal
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp