cryptography - Reusing a nonce for different recipients?
Problem description
I'm generating a new random symmetric key and want to deliver it to several recipients using crypto_box_easy. Can the same (random) nonce be reused for the same message and the same sender, but for different recipients? And can the same nonce also be used for the symmetric encryption done with that random key and crypto_secretbox_easy?
Since the nonce has to be supplied alongside the encrypted message, it can't be hidden anyway, but is reusing it across multiple different recipients a problem? If one of them supplies a maliciously generated public key, could that weaken the encryption in a way that lets them extract someone else's key?
Thanks a lot.
Solution
A nonce can be reused as long as a (key, nonce) tuple is not reused.
You're right that reusing a nonce with the same key would result in a catastrophic loss of privacy with a stream cipher like XSalsa20.
The thing is, crypto_box_easy uses the recipient's public key to generate a shared secret that is then used with a nonce.
Thus even with a static nonce, the (nonce, key) pair for each recipient will be different.
Although it's not acceptable to use the same (nonce, key) pair twice, you can use the same nonce for each recipient, but only once.
It's acceptable to use the same nonce once for each recipient using the crypto_box_easy construct ONCE.
It even states this in the libsodium documentation:
The nonce doesn't have to be confidential, but it should be used with just one invocation of crypto_box_easy() for a particular pair of public and secret keys.
i.e. for one message per recipient.
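As an added illustration (not part of the answer, and not libsodium code), the following standard-library-only Python models the two situations the answer contrasts. XSalsa20 and the X25519 key agreement in crypto_box are replaced by labelled stand-ins (an HMAC-SHA256 counter-mode keystream and an HMAC-derived per-recipient key, both assumptions made so the example runs offline); the property shown holds for any stream cipher. It demonstrates that one nonce under one key with two messages leaks the XOR of the plaintexts, so a known message reveals the other, while one nonce with one message across several recipients yields different (key, nonce) pairs, and it adds a small ledger enforcing the "never the same (key, nonce) twice" rule:

```python
import hashlib
import hmac


# Toy stream cipher: HMAC-SHA256 in counter mode stands in for XSalsa20
# (assumption for illustration only; do not use as a real cipher).
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "little"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # A stream cipher is its own inverse: the same call decrypts.
    return xor(keystream(key, nonce, len(data)), data)


def shared_key(sender_secret: bytes, recipient_public: bytes) -> bytes:
    # Stand-in for crypto_box's X25519 + HSalsa20 key agreement (assumption):
    # the symmetric key depends on the recipient's public key, so a fixed
    # nonce still gives a different (key, nonce) pair per recipient.
    return hmac.new(sender_secret, recipient_public, hashlib.sha256).digest()


def nonce_reuse_leak(key: bytes, nonce: bytes, known: bytes, unknown: bytes) -> bytes:
    """Two equal-length messages under ONE (key, nonce): c1 XOR c2 == m1 XOR m2,
    so an attacker who knows m1 recovers m2 with no knowledge of the key.
    Returns the recovered second message."""
    c1 = stream_encrypt(key, nonce, known)
    c2 = stream_encrypt(key, nonce, unknown)
    return xor(xor(c1, c2), known)


def box_to_recipients(sender_secret: bytes, recipient_publics: list, nonce: bytes,
                      message: bytes) -> list:
    """Same nonce and same message to several recipients: each ciphertext is
    under a different derived key, which is why this reuse is harmless."""
    return [stream_encrypt(shared_key(sender_secret, pk), nonce, message)
            for pk in recipient_publics]


class NonceLedger:
    """Bookkeeping for the rule in the answer: refuse any (key, nonce) pair
    that was already used. Stores a hash of the key, never the key itself."""

    def __init__(self):
        self._seen = set()

    def check_and_record(self, key: bytes, nonce: bytes) -> bool:
        tag = (hashlib.sha256(key).digest(), nonce)
        if tag in self._seen:
            return False
        self._seen.add(tag)
        return True


# Constructed sample inputs (not real keys).
SENDER_SECRET = bytes(range(32))
RECIPIENTS = [bytes([i]) * 32 for i in (0xA1, 0xB2, 0xC3)]
NONCE = b"\x07" * 24           # 24 bytes, the size of crypto_box_NONCEBYTES
SESSION_KEY = b"\x42" * 32     # the random symmetric key being distributed
KNOWN_MSG = b"known message A, 32 bytes long!!"  # same length as SESSION_KEY

if __name__ == "__main__":
    # Harmless: one nonce, three recipients, three distinct derived keys.
    cts = box_to_recipients(SENDER_SECRET, RECIPIENTS, NONCE, SESSION_KEY)
    print("distinct ciphertexts:", len(set(cts)) == len(RECIPIENTS))
    # Catastrophic: one nonce, one key, two messages.
    leaked = nonce_reuse_leak(b"k" * 32, NONCE, KNOWN_MSG, SESSION_KEY)
    print("session key recovered without the key:", leaked == SESSION_KEY)
    ledger = NonceLedger()
    print(ledger.check_and_record(b"k" * 32, NONCE))   # True, first use
    print(ledger.check_and_record(b"k" * 32, NONCE))   # False, reuse rejected
```

The ledger is the part worth keeping in mind for the crypto_secretbox_easy half of the question: the symmetric key and the per-recipient box keys are different keys, so sharing a nonce across them is allowed by the same rule, but each of those (key, nonce) pairs still gets exactly one message.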