I have a very simple question. Since XChaCha20 nonces are 192-bit, there's technically no limitation to the max number of messages encrypted, since the chances of two random nonces being the same are very very tiny. Is it okay to use the same key, but different nonces to encrypt large files in chunks? Basically, I read the large file 1KB at a time, encrypt with the same key but random nonce. If the file is 1GB, then I would have used 1000000 nonces. If I encrypted in chunks of 1MB, then I would've used 1000 nonces. Is doing this secure? (Assume everything is authenticated and I use CSPRNGs for nonces)
1 Answer
4
Yes. Indeed, a "nonce" is a number used once. If you ever reuse a (nonce, key) pair, security breaks catastrophically. For a large chunked file, you can simply use the chunk number as the nonce, as long as you re-key after each file and can keep track of the count.
Libsodium's secretstream API does this internally. If possible, use that, as it's far safer than building your own construction.
SAI Peregrinus
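Added example, not part of the answer above and not libsodium code: a sketch of the chunk-number-as-nonce scheme with a fresh key per file, showing that binding the chunk index and a final-chunk flag into the nonce makes reordered, truncated or spliced chunks fail authentication. Assumptions: the AEAD is a standard-library stand-in (HMAC-SHA-256 keystream plus tag) in place of XChaCha20-Poly1305, and every function name and the nonce layout are hypothetical.

```python
import hashlib, hmac, os

TAG = 32  # HMAC-SHA-256 tag length of the stand-in AEAD

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in keystream (HMAC in counter mode), NOT XChaCha20.
    ks = b"".join(_prf(key, b"\x00" + nonce + i.to_bytes(8, "little"))
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, nonce, pt):
    ct = _xor_stream(key, nonce, pt)
    return ct + _prf(key, b"\x01" + nonce + ct)  # tag covers nonce and ciphertext

def open_box(key, nonce, box):
    ct, tag = box[:-TAG], box[-TAG:]
    if not hmac.compare_digest(tag, _prf(key, b"\x01" + nonce + ct)):
        raise ValueError("chunk failed authentication")
    return _xor_stream(key, nonce, ct)

def chunk_nonce(index, last):
    # 24 bytes, the XChaCha20 nonce size: 23-byte counter + final-chunk flag.
    return index.to_bytes(23, "little") + bytes([last])

def file_key(master_key, file_id):
    # Fresh key per file, so counters can restart at 0 without (key, nonce) reuse.
    return _prf(master_key, b"file-key" + file_id)

def encrypt_file(master_key, data, chunk=1024):
    file_id = os.urandom(32)  # random per-file value, stored next to the chunks
    key = file_key(master_key, file_id)
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    return file_id, [seal(key, chunk_nonce(i, i == len(parts) - 1), p)
                     for i, p in enumerate(parts)]

def decrypt_file(master_key, file_id, boxes):
    if not boxes:
        raise ValueError("no chunks: stream truncated")
    key = file_key(master_key, file_id)
    return b"".join(open_box(key, chunk_nonce(i, i == len(boxes) - 1), b)
                    for i, b in enumerate(boxes))
```

With an independent random nonce per chunk and nothing tying chunks to their position, each chunk would still authenticate on its own, so the ordering and end-of-stream checks shown here would have to be added separately.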