Key length obscurity issue #1

@SA-10125

Description

Currently, when key1 and key2 are encrypted, the number of packets created is directly proportional to the length of the key.
Hence, an attacker can count the number of packets created for each encryption operation and recover the key length, which makes brute force much more feasible.
For example, if the attacker observes that 2 packets were made for the first key, they can derive the key length using:

Number of packets = ceil(data_length / 18) (from makepackets)
This reveals: key1_length ≈ num_packets_at_seed × 18

A possible fix would be to make the number of packets fixed for any key by strategically adding junk (for example a constant letter such as z), i.e. padding the key to a fixed length.
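The leak and the proposed fix side by side, as an added example that is not part of the project's code: a stand-in makepackets with the 18-byte packet size quoted above, the length range an observer can infer from a packet count, and a pad_key that fills with the constant z up to an assumed fixed length (72 bytes, chosen here so every key yields 4 packets).

```python
import math

PACKET_SIZE = 18      # bytes per packet, per the issue's description of makepackets
FIXED_KEY_LEN = 72    # assumed padded length: every key then yields exactly 4 packets
PAD_CHAR = b"z"       # constant filler, as the issue suggests

def makepackets(data: bytes) -> list:
    """Split data into PACKET_SIZE-byte chunks (stand-in for the project's makepackets)."""
    return [data[i:i + PACKET_SIZE] for i in range(0, len(data), PACKET_SIZE)]

def expected_packets(data_length: int) -> int:
    """Number of packets = ceil(data_length / 18), the formula quoted in the issue."""
    return math.ceil(data_length / PACKET_SIZE)

def length_range_from_packets(num_packets: int) -> tuple:
    """What an observer learns from the packet count alone: the unpadded key length
    lies in ((n - 1) * 18, n * 18]. With n = 2 that is 19..36 bytes."""
    return ((num_packets - 1) * PACKET_SIZE + 1, num_packets * PACKET_SIZE)

def pad_key(key: bytes, fixed_len: int = FIXED_KEY_LEN) -> bytes:
    """Pad with the constant filler so every key has the same length on the wire.
    Keys longer than fixed_len cannot be padded and must be rejected; silently
    sending them unpadded would bring the leak back for exactly those keys."""
    if len(key) > fixed_len:
        raise ValueError("key longer than fixed length %d" % fixed_len)
    return key + PAD_CHAR * (fixed_len - len(key))

def packet_count(key: bytes, padded: bool) -> int:
    """Packets emitted for a key, before (padded=False) and after (padded=True) the fix."""
    data = pad_key(key) if padded else key
    return len(makepackets(data))

def is_length_hidden(keys, padded: bool) -> bool:
    """True when all keys produce the same packet count, i.e. the count no longer
    distinguishes key lengths."""
    counts = {packet_count(k, padded) for k in keys}
    return len(counts) == 1

if __name__ == "__main__":
    # Constructed sample keys of 5, 20 and 40 bytes.
    sample_keys = [b"abcde", b"k" * 20, b"q" * 40]
    for k in sample_keys:
        print(len(k), packet_count(k, False), packet_count(k, True))
    print("leak present:", not is_length_hidden(sample_keys, False))               # True
    print("leak present after padding:", not is_length_hidden(sample_keys, True))  # False
```

Stripping a constant filler is only unambiguous if a real key can never end in z; a length prefix inside the fixed-size block avoids that corner case.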
