X-Git-Url: http://git.claws-mail.org/?p=claws.git;a=blobdiff_plain;f=doc%2Fsrc%2Fpassword_encryption.txt;h=f618378d3e2349e8b277053f7bcfa8d3f1e0c0ae;hp=77464993f18ecab36ea71328f64afc2c1888209b;hb=a7f0d049b6a7f1df5fe4e6487ddbb140c22370e0;hpb=43a5970e1f7b623fb3641d7e384fb07ba2a8d4d4

diff --git a/doc/src/password_encryption.txt b/doc/src/password_encryption.txt
index 77464993f..f618378d3 100644
--- a/doc/src/password_encryption.txt
+++ b/doc/src/password_encryption.txt
@@ -12,9 +12,18 @@ IV (initialization vector) for the cipher is filled with random bytes.
 
 Encryption
 ----------
-We prepare a buffer 128+blocksize bytes long, with one block of random
-data at the beginning, followed by the password we want to encrypt (in
-UTF-8), rest is padded with zero bytes.
+We prepare a buffer long enough to fit the NULL-terminated password string
+plus one cipher block in it, with one block of random data at the beginning,
+followed by the password we want to encrypt (in UTF-8), rest is padded
+with zero bytes.
+
+The minimal buffer size is 128+blocksize, and if the password (including
+the trailing NULL byte) is longer than 128 bytes, the size is increased by
+another 128 bytes until it is long enough to fit the password plus one
+cipher block. This is to make it harder to guess the password length from
+length of the encrypted string. So for example, if the password (again,
+including the trailing NULL byte) is 129 characters long, our buffer will
+be 256+blocksize bytes long.
 
 We encrypt the buffer using the encryption key and IV mentioned above,
 resulting in ciphertext of the same length as the buffer.