Pad to next multiple of 128

[ghost]

That looks ok to apply a minimum padding, although longer messages could still have variable lengths which might be indicative of the content (i.e. maybe not entirely forward secret).

[kalkin]

Actually I think the best approach would be to specify a MAX_MSG_LEN and to pad every plaintext with (random(len(plaintext), MAX_MSG_LEN). Of course we shouldn't allow sending any messages bigger than MAX_MSG_LEN. If MAX_MSG_LEN == 4096, this shouldn't be an issue.

[ghost]

That would completely standardise the message length, and it's another possible approach. An assumption is that you won't be embedding anything larger than 4096 characters into the message.