- Cryptographic nonce
In security engineering, nonce is an arbitrary number used only once to sign a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. For instance, nonces are used in HTTP digest access authentication to calculate an MD5 digest of the password. The nonces are different each time the 401 authentication challenge response code is presented, thus making replay attacks virtually impossible. It is basically a cryptographic cookie.
A nonce may be used to ensure security for a stream cipher. Where the same key is used for more than one message then a different nonce is used to ensure that the keystream is different for different messages encrypted with that key. Often the message number is used.
Some also refer to initialization vectors as nonces for the above reasons. To ensure that a nonce is used only once, it should be time-variant (including a suitably fine-grained timestamp in its value), or generated with enough random bits to ensure a probabilistically insignificant chance of repeating a previously generated value. Some authors define pseudorandomness (or unpredictability) as a requirement for a nonce.
Wikimedia Foundation. 2010.
Look at other dictionaries:
Nonce — may refer to: Nonce, time being: the present occasion; for the nonce Nonce word, a word used to meet a need that is not expected to recur Cryptographic nonce, a number or bit string used only once, in security engineering The Nonce, American rap… … Wikipedia
Cryptographic engineering — is the discipline of using cryptography to solve human problems. Cryptography is typically applied when trying to ensure data confidentiality, to authenticate people or devices, or to verify data integrity in risky environments. Cryptographic… … Wikipedia
Cryptographic hash function — A cryptographic hash function (specifically, SHA 1) at work. Note that even small changes in the source input (here in the word over ) drastically change the resulting output, by the so called avalanche effect. A cryptographic hash function is a… … Wikipedia
Challenge-response authentication — For the spam filtering technique, see Challenge response spam filtering. For other uses, see CRAM (disambiguation). In computer security, challenge response authentication is a family of protocols in which one party presents a question (… … Wikipedia
Salt (cryptography) — In cryptography, a salt consists of random bits, creating one of the inputs to a one way function. The other input is usually a password or passphrase. The output of the one way function can be stored rather than the password, and still be used… … Wikipedia
Initialization vector — In cryptography, an initialization vector (IV) is a block of bits that is required to allow a stream cipher or a block cipher to be executed in any of several streaming modes of operation to produce a unique stream independent from other streams… … Wikipedia
Криптографически стойкий генератор псевдослучайных чисел — (англ. Cryptographically secure pseudorandom number generator, CSPRNG) это генератор псевдослучайных чисел с определенными свойствами, позволяющими использовать его в криптографии. Многие прикладные задачи криптографии требуют случайных… … Википедия
Phelix — – высокоскоростной поточный шифр, использующий одноразовый код аутентичности сообщения. Шифр был представлен на конкурсе eSTREAM в 2004 году. Авторами являются Брюс Шнайер, Дуг Уитинг, Стефан Люкс и Фредерик Мюллер. Агоритм содержит операции… … Википедия
DNS cache poisoning — is a security or data integrity compromise in the Domain Name System (DNS). The compromise occurs when data is introduced into a DNS name server s cache database that did not originate from authoritative DNS sources. It may be a deliberate… … Wikipedia
MicroID — is a decentralized identity protocol. It was originally developed in 2005 by Jeremie Miller . A MicroID is a simple identifier comprising a hashed communication/identity URI (e.g. Email, OpenID, and/or Yadis) and claimed URL. Together, the two … Wikipedia