Good day. I want to ask why 24 bytes Nonce (IV) is used in header when the Xsalsa20 cipher works with 192bytes Nonce. What is the difference between them?
This source may help you:
Basically, nonce copy to two parts, first 16 bytes are used sub-key generation and followed 8 bytes are counter fixed bytes.
I want to ask you, I don't know if I understand it correctly, but for the code you did crypt_rclone and the user enters a password (or salt) and a hash scrypt function creates a string called a key, where the key represents the input key and also the input is a nonce, block counter and Salsa20 consensus depending on the size of the key.
crypt_rclone uses nacl/secretbox as a black box, it needs message bytes, key bytes(32bytes), nonce bytes(24bytes). User defined password/salt(password2) make key bytes. The nonce bytes are generated randomly on encryption and saved in header.
In the secretbox, provided key bytes(32bytes) and nonce bytes(24bytes) are used sub-key generation which used real encryption.
In this part, nonce bytes are separated first 16 bytes and followed 8 bytes, first one used sub-key generation random part and second one used as 'counter' fixed part.
Well thank you I understand. You write that crypt_rclone uses nacl / secretbox as a black box and I know that black box works without any knowledge of its internal workings. Its implementation is "opaque" (black). But I would like to take a closer look inside. Can you send me some explanatory links or would you be able to describe it in your own words? I took a closer look at how Salsa20 and Poly1305 work but I don't understand how Salsa20 is connected to the scrypt Password-Based Key Derivation Function
Actually the nonce for Xsalsa20 is 192 bits which is exactly 24 bytes.
Yes I already understood that nonce thank you.