Lets look at the padding issue with CIPE.
The first complaint is that it is "limited to 3 bits, making it unusable with
any recent 128-bit block cipher".
The second complaint is that "makes it impossible to disguise message
by padding messages to a fixed size".
Complaint number one is wrong and comes from a misreading of the
specification. In fact CIPE pads to the next multiple of 8 bytes - making the
message length a multiple of 64 bits as required for a 64 bit cipher running
in CBC. It is correct that this is not suitable for a 128 bit cipher. Almost
everyone uses Blowfish and as far as I know there are no practical attacks
discovered against this cipher. Padding to 16 bytes would be trivial to add
if the need arises.
Complaint two concerns traffic analysis or at least trying to help to decide
which packets are worthy of extra attention e.g. key exchanges.
Traffic analysis is a black art and it is not appropriate to open this
Pandora's box here - I'm not sure how many so called secure systems would
fail if traffic analysis were the deciding criterion. What is important is to
understand is what is being advocated here as a solution.
In order to disguise the nature of the payload all packets need to be the
length. That means you need to pad all packets to the largest possibe size.
If you want to take the bandwidth hit then this is a trivial change to make.
The padding issue is of no concern in the real world. If it bothers you that
an attacker may be learning something about what you are doing from the
lengths of the packets on the wire then you probably do need to hire a crypto
Best regards to all