updates.

[silc.git] / doc / draft-riikonen-silc-spec-04.nroff

diff --git a/doc/draft-riikonen-silc-spec-04.nroff b/doc/draft-riikonen-silc-spec-04.nroff
index 8071a22efd63068cf960df79234edbdcb6f8ed8a..5d13832ee09c0b2f76958cb5d8d37bf8191eac7c 100644 (file)
--- a/doc/draft-riikonen-silc-spec-04.nroff
+++ b/doc/draft-riikonen-silc-spec-04.nroff
@@ -1139,7 +1139,11 @@ o Authentication Data (variable length) - Authentication
 If the authentication method is password based, the Authentication
 Data field includes the plaintext password.  It is safe to send
 plaintext password since the entire payload is encrypted.  In this
-case the Public Data Length is set to zero (0).
+case the Public Data Length is set to zero (0), but MAY also include
+random data for padding purposes.  It is also RECOMMENDED that maximum
+amount of padding is applied to SILC packet when using password based
+authentication.  This way it is not possible to approximate the length
+of the password from the encrypted packet.
 
 If the authentication method is public key based (or certificate)
 the Authentication Data is computed as follows: