Cryptographic Nonce
In security engineering, a nonce is a number or bit string used only once. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. For instance, nonces are used in HTTP Digest Access Authentication to calculate an MD5 digest of the password. The nonces are different each time that the 401 authentication challenge response code is presented, and each client request has a unique sequence number, thus making the replay attack virtually impossible. Some also refer to initialization vectors as nonces for the above reasons. To ensure that a nonce is used only once, it should be time-variant (including a suitably granular timestamp in its value), or generated with enough random bits to ensure a probabilistically insignificant chance of repeating a previously generated value. Some authors define pseudorandomness (or unpredictability) as a requirement for a nonce.
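
The Digest exchange described above, as an added example (not code from the original page): a minimal server-side check following the RFC 2617 `qop=auth` formula, in which the server issues a fresh nonce with each challenge and rejects any request whose sequence number (`nc`) it has already accepted for that nonce. The realm, user, password and all class and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

REALM = "example-realm"               # constructed sample value
USERS = {"alice": "correct horse"}    # constructed sample credential store

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, password, method, uri, nonce, nc, cnonce):
    # RFC 2617 response value for qop=auth
    ha1 = md5_hex(f"{user}:{REALM}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class DigestServer:
    def __init__(self):
        self.last_nc = {}  # issued nonce -> highest sequence number accepted

    def challenge(self) -> str:
        nonce = secrets.token_hex(16)  # 128 random bits, sent with each 401
        self.last_nc[nonce] = 0
        return nonce

    def verify(self, user, method, uri, nonce, nc, cnonce, response) -> str:
        if nonce not in self.last_nc:
            return "reject: unknown nonce"
        expected = digest_response(user, USERS.get(user, ""), method, uri, nonce, nc, cnonce)
        if user not in USERS or not hmac.compare_digest(expected, response):
            return "reject: bad credentials"
        if int(nc, 16) <= self.last_nc[nonce]:
            return "reject: replayed nc"
        self.last_nc[nonce] = int(nc, 16)
        return "accept"

def demo():
    # One legitimate request, the same bytes replayed, then the old
    # response presented against a newly issued nonce.
    server = DigestServer()
    nonce, cnonce = server.challenge(), secrets.token_hex(8)
    resp = digest_response("alice", "correct horse", "GET", "/inbox", nonce, "00000001", cnonce)
    req = ("alice", "GET", "/inbox", nonce, "00000001", cnonce, resp)
    first = server.verify(*req)
    replay = server.verify(*req)
    stale = server.verify("alice", "GET", "/inbox", server.challenge(), "00000001", cnonce, resp)
    return first, replay, stale
```

The captured response fails in both replay cases: the sequence number has already been consumed for the original nonce, and the digest does not match when recomputed over a different nonce.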