diff --git a/src/aead.c b/src/aead.c
index 8473010a..f4b9c1c5 100644
--- a/src/aead.c
+++ b/src/aead.c
@@ -408,6 +408,8 @@ aead_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
     /* copy salt to first pos */
     memcpy(ciphertext->data, cipher_ctx.salt, salt_len);
 
+    ppbloom_add((void *)cipher_ctx.salt, salt_len);
+
     aead_cipher_ctx_set_key(&cipher_ctx, 1);
 
     size_t clen = ciphertext->len;
@@ -552,6 +554,8 @@ aead_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
         memcpy(ciphertext->data, cipher_ctx->salt, salt_len);
         aead_cipher_ctx_set_key(cipher_ctx, 1);
         cipher_ctx->init = 1;
+
+        ppbloom_add((void *)cipher_ctx->salt, salt_len);
     }
 
     err = aead_chunk_encrypt(cipher_ctx,
diff --git a/src/stream.c b/src/stream.c
index 3817dbbd..0556c38a 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -345,6 +345,8 @@ stream_encrypt_all(buffer_t *plaintext, cipher_t *cipher, size_t capacity)
     cipher_ctx_set_nonce(&cipher_ctx, nonce, nonce_len, 1);
     memcpy(ciphertext->data, nonce, nonce_len);
 
+    ppbloom_add((void *)nonce, nonce_len);
+
     if (cipher->method >= SALSA20) {
         crypto_stream_xor_ic((uint8_t *)(ciphertext->data + nonce_len),
                              (const uint8_t *)plaintext->data, (uint64_t)(plaintext->len),
@@ -399,6 +401,8 @@ stream_encrypt(buffer_t *plaintext, cipher_ctx_t *cipher_ctx, size_t capacity)
         memcpy(ciphertext->data, cipher_ctx->nonce, nonce_len);
         cipher_ctx->counter = 0;
         cipher_ctx->init    = 1;
+
+        ppbloom_add((void *)cipher_ctx->nonce, nonce_len);
     }
 
     if (cipher->method >= SALSA20) {