Geralt
Padding

Last updated 1 year ago

Purpose

The length of a ciphertext from a stream cipher is equal to the length of the plaintext. In most cases, this is not considered an issue. However, hiding the length of a message can be desirable, and ISO/IEC 7816-4 padding can be used to do this.

The amount of padding, determined by the block size, can either be deterministic or randomised. Both have their strengths and weaknesses.

Padding to a block size much smaller than the message length leaves the approximate unpadded length largely unprotected. PADMÉ can be used to limit leakage.

Padding should be applied to the plaintext before encryption and removed from the plaintext after decryption. The amount of padding does not need to be stored.

Usage

Fill

Fills a span with padding. This can then be manually concatenated with some data.

Padding.Fill(Span<byte> buffer)

Exceptions

ArgumentOutOfRangeException: buffer has a length of 0.

GetPaddedLength

Returns the required buffer size for Pad() based on the unpadded length and a block size (e.g. 16 bytes).

Padding.GetPaddedLength(int unpaddedLength, int blockSize)

Exceptions

ArgumentOutOfRangeException: unpaddedLength is less than 0.

ArgumentOutOfRangeException: blockSize is less than or equal to 0.

ArgumentOutOfRangeException: The amount of padding is too large.

Pad

Fills a span with the data padded up to the specified block size (e.g. a multiple of 16 bytes).

Padding.Pad(Span<byte> buffer, ReadOnlySpan<byte> data, int blockSize)

Exceptions

ArgumentOutOfRangeException: buffer has a length not equal to GetPaddedLength(data.Length, blockSize).

ArgumentOutOfRangeException: blockSize is less than or equal to 0.

GetUnpaddedLength

Returns the number of bytes to slice from the end of the padded data.

Padding.GetUnpaddedLength(ReadOnlySpan<byte> paddedData, int blockSize)

Exceptions

ArgumentOutOfRangeException: paddedData has a length of 0.

ArgumentOutOfRangeException: blockSize is less than or equal to 0.

FormatException: Incorrect padding.
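
The ISO/IEC 7816-4 scheme named under Purpose, written out as an added example in plain Python. It is not Geralt's code or API: every function name below is hypothetical, the sample message is constructed, and the code is not constant time. hidden_range() goes one step beyond the functions above to show how much of the unpadded length a given block size conceals.

```python
# Added illustration (not Geralt's code): ISO/IEC 7816-4 padding in plain Python.
# Function names are hypothetical, and this sketch is not constant time.
MARKER = 0x80  # one 0x80 byte, then zero bytes up to the block boundary


def padded_length(unpadded_length: int, block_size: int) -> int:
    if unpadded_length < 0 or block_size <= 0:
        raise ValueError("unpadded_length must be >= 0 and block_size > 0")
    # At least one byte is always added, so an exact multiple gains a full block.
    return unpadded_length + block_size - (unpadded_length % block_size)


def pad(data: bytes, block_size: int) -> bytes:
    total = padded_length(len(data), block_size)
    return data + bytes([MARKER]) + bytes(total - len(data) - 1)


def unpadded_length(padded: bytes, block_size: int) -> int:
    if block_size <= 0 or len(padded) == 0 or len(padded) % block_size != 0:
        raise ValueError("incorrect padding")
    # Padding lives only in the final block: skip trailing zeros, expect the marker.
    for i in range(len(padded) - 1, len(padded) - block_size - 1, -1):
        if padded[i] == MARKER:
            return i
        if padded[i] != 0x00:
            break
    raise ValueError("incorrect padding")


def unpad(padded: bytes, block_size: int) -> bytes:
    return padded[: unpadded_length(padded, block_size)]


def hidden_range(message_length: int, block_size: int) -> tuple[int, int]:
    """Smallest and largest unpadded lengths that give the same padded length."""
    total = padded_length(message_length, block_size)
    return total - block_size, total - 1


if __name__ == "__main__":
    message = b"example message"  # constructed sample, 15 bytes
    padded = pad(message, 16)
    assert unpad(padded, 16) == message
    print(len(padded), padded.hex())
    # A 1000-byte message: a 16-byte block hides little, a 1024-byte block much more.
    print(hidden_range(1000, 16), hidden_range(1000, 1024))
```
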

Notes

It is very difficult to hide that cryptography is being used. For example, even if padding is done appropriately and there are no plaintext headers, X25519 public keys are distinguishable from random.

Using padding to hide the length of a password is NOT recommended. Instead, the password can be prehashed using BLAKE2b or Argon2id on the client before being sent to the server for password hashing.
