X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=doc%2Fdraft-riikonen-silc-spec-04.nroff;h=5d13832ee09c0b2f76958cb5d8d37bf8191eac7c;hb=c826b9841053da3f00e2c531b25bb22aa49255d5;hp=8071a22efd63068cf960df79234edbdcb6f8ed8a;hpb=c0d9618972274f56277acab0c124cd30c52d2953;p=silc.git

diff --git a/doc/draft-riikonen-silc-spec-04.nroff b/doc/draft-riikonen-silc-spec-04.nroff
index 8071a22e..5d13832e 100644
--- a/doc/draft-riikonen-silc-spec-04.nroff
+++ b/doc/draft-riikonen-silc-spec-04.nroff
@@ -1139,7 +1139,11 @@ o Authentication Data (variable length) - Authentication
 If the authentication method is password based, the Authentication
 Data field includes the plaintext password.  It is safe to send
 plaintext password since the entire payload is encrypted.  In this
-case the Public Data Length is set to zero (0).
+case the Public Data Length is set to zero (0), but MAY also include
+random data for padding purposes.  It is also RECOMMENDED that maximum
+amount of padding is applied to SILC packet when using password based
+authentication.  This way it is not possible to approximate the length
+of the password from the encrypted packet.
 
 If the authentication method is public key based (or certificate)
 the Authentication Data is computed as follows: