1

Let's suppose the following context in php:

  • A string: $string= "my beautiful and unique string"
  • An encoding key: $key= "mybinaryencodingkey"
  • Encryption of the string several times, for example in a php function like this:

$encrypted_1 = sodium_crypto_secretbox($string, "nonce1", $key);

$encrypted_2 = sodium_crypto_secretbox($string, "nonce2", $key);

$encrypted_3 = sodium_crypto_secretbox($string, "nonce3", $key);

...

$encrypted_X = sodium_crypto_secretbox($string, "nonceX", $key);

This will produce different random values $encrypted_1, $encrypted_2, $encrypted_3,..., $encrypted_X that I can use for example in a cookie.

So far so good!

An now the question:

As all the encrypted values are based on the same $string and same $key Is it easy or nearly impossible to guess $string and $key on the basis of several encrypted values?

gilbertdelyon
  • 11
  • 3
  • With a good encryption function you will not have any more information than you would with only one cyphertext. In effect using a different nonce means you are using a different key. With a badly designed encryption function, some information might leak. – rossum Jul 02 '23 at 14:28

1 Answers1

-1

instead of encrypting same string seven times try to encrypt the encrypted string again like the following way.

$encrypted_1 = sodium_crypto_secretbox($string, "nonce1", $key);

$encrypted_2 = sodium_crypto_secretbox($encrypted_1 , "nonce2", $key);

$encrypted_3 = sodium_crypto_secretbox($encrypted_2, "nonce3", $key);

and so on. It will make it difficult to decrypt the value.

Pulkit Goel
  • 56
  • 5