Cryptographic nonce

From Wikipedia, the free encyclopedia

Typical client-server communication during a nonce-based authentication process including both a server nonce and a client nonce.

In security engineering, a nonce stands for number used once^[1] (it is similar in spirit to a nonce word). It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. For instance, nonces are used in HTTP digest access authentication to calculate an MD5 digest of the password. The nonces are different each time that the 401 authentication challenge response code is presented, and each client request has a unique sequence number, thus making replay attacks and dictionary attacks virtually impossible.

Some also refer to initialization vectors as nonces for the above reasons. To ensure that a nonce is used only once, it should be time-variant (including a suitably granular timestamp in its value), or generated with enough random bits to ensure a probabilistically insignificant chance of repeating a previously generated value. Some authors define pseudorandomness (or unpredictability) as a requirement for a nonce.^{[citation needed]}

[edit] See also

• Initialization vector
• Salt (cryptography)
• Key strengthening
• Nonce word
• Cross-site request forgery

[edit] References

1. ^ Anderson, Ross (2001). Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley. ISBN 0471389226. http://www.cl.cam.ac.uk/~rja14/book.html. 

[edit] External links

• Sam Ruby Blogging on Nonce with an implementation
• RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
• RFC 3540 - Robust Explicit Congestion Notification (ECN) Signaling with Nonces
• RFC 4418 - UMAC: Message Authentication Code using Universal Hashing

This cryptography-related article is a stub. You can help Wikipedia by expanding it.