I'm looking at the SHA-256 algorithm. The padding consists of a single '1', followed by as many 0's as needed to made the size of the block congruent to 448 mod(512), and then the size of the message (excluding the 1 and the padding) as a 64 bit unsigned integer.
I'm unclear as to the reason for the '1'. A reason that pops-up in unofficial sources is that it serves to prevent birthday attacks but the lenght at the end seems suffiscient to that purpose. Elsewhere it is said that the 1 is needed to make the padding Merkle–Damgård-compliant (MD-compliant) but unless something really eluded me the size feild at the end is clearly suffiscient. see: https://en.wikipedia.org/wiki/Merkle%E2%80%93Damg%C3%A5rd_construction#MD-compliant_padding
Finally a source wrote that this was necessary to process an empty string (why?) and another to make the padding reversible (what for?). I'm always suspicious when I find so many different explainations. Can anyone explain me this with an example.
BTW, this padding is defined in ISO/IEC 9797-1 as Padding Method 2 (with no explainations).