#Cryptography question: I would like to use libsodium for secret-key encryption, but it requires a nonce, and I need the encryption to be deterministic/convergent (for deduplication).
Is "deriving the nonce from the data by hashing it" a reasonable solution to this problem, or does that have some issue I am not aware of?
@joepie91 I'm not an expert on the matter, but most encryption algorithms that include a nonce do require it to prevent leaking of e.g. secret key material (something something playstation signature key or something), so if libsodium requires a nonce for that algorithm it seems likely that the specific algorithm isn't built for your use-case. Different algorithms have different use-cases, don't get discouraged if the one you looked at doesn't seem to fit the bill.
@benaryorg The problem is that just about everything seems to require a nonce nowadays. Which is understandable, given how important it is for typical cases, but convergent encryption is very much an edgecase.
@joepie91 what about encryption each chunk you want to encrypt with a randomly chosen nonce then and storing the nonce with the data? I get that's not always possible of course.
@benaryorg (Which has been an absolute pain in the design process, but that's a different discussion 🙃)