FANDOM


File:Nonce-cnonce-uml.svg

In security engineering, nonce is an abbreviation of number used once[1] (it is similar in spirit to a nonce word). It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. For instance, nonces are used in HTTP digest access authentication to calculate an MD5 digest of the password. The nonces are different each time that the 401 authentication challenge response code is presented, and each client request has a unique sequence number, thus making replay attacks and dictionary attacks virtually impossible.

Some also refer to initialization vectors as nonces for the above reasons. To ensure that a nonce is used only once, it should be time-variant (including a suitably fine-grained timestamp in its value), or generated with enough random bits to ensure a probabilistically insignificant chance of repeating a previously generated value. Some authors define pseudorandomness (or unpredictability) as a requirement for a nonce.Template:Fact

See also Edit

References Edit

  1. Template:Cite book

External links Edit

ar:الرقم الخاص de:Nonce it:Nonce

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.