Let's suppose the following context in php:
- A string:
$string= "my beautiful and unique string"
- An encoding key:
$key= "mybinaryencodingkey"
- Encryption of the string several times, for example in a php function like this:
$encrypted_1 = sodium_crypto_secretbox($string, "nonce1", $key);
$encrypted_2 = sodium_crypto_secretbox($string, "nonce2", $key);
$encrypted_3 = sodium_crypto_secretbox($string, "nonce3", $key);
...
$encrypted_X = sodium_crypto_secretbox($string, "nonceX", $key);
This will produce different random values $encrypted_1, $encrypted_2, $encrypted_3,..., $encrypted_X
that I can use for example in a cookie.
So far so good!
An now the question:
As all the encrypted values are based on the same $string
and same $key
Is it easy or nearly impossible to guess $string
and $key
on the basis of several encrypted values?
instead of encrypting same string seven times try to encrypt the encrypted string again like the following way.
and so on. It will make it difficult to decrypt the value.