I understand a nonce is to prevent replay attacks. When the server first sends a nonce to you, does the client then have to +1 the nonce sent by the server and send it back? Is this always the case?
Is a nonce made up of timestamp + random as well?
Nonces are used in a variety of use cases. The exact behavior regarding a nonce depends on the exact use case but all use cases share that a nonce should only be used once within a specific context. This might be achieved by using true random numbers but depending on the exact use case it might also be sufficient to use a simple counter or a timestamp to get a unique value within a specific context.
I'm unaware of any use case where the behavior you describe is used, i.e. where the client uses the server_sent_nonce+1. Given that the nonce is unique in the first place, such an operation should not be needed. But it should not harm either if applied consistently, since then server_sent_nonce+1 is actually the new nonce, which is unique too.
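
An added example, not part of the answer above: a minimal server-issued nonce challenge in Python showing single use, expiry, and the question's +1 variant applied consistently and inconsistently. The class and function names, the key, and the 30-second lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

def identity(nonce: bytes) -> bytes:
    return nonce

def plus_one(nonce: bytes) -> bytes:
    # The question's "nonce + 1", as a fixed-width big-endian integer (wraps on overflow).
    n = (int.from_bytes(nonce, "big") + 1) % (1 << (8 * len(nonce)))
    return n.to_bytes(len(nonce), "big")

def respond(key: bytes, nonce: bytes, derive=identity) -> bytes:
    # Client side: prove knowledge of the key by MACing the (derived) nonce.
    return hmac.new(key, derive(nonce), hashlib.sha256).digest()

class Server:
    def __init__(self, key: bytes, ttl: float = 30.0, derive=identity):
        self.key, self.ttl, self.derive = key, ttl, derive
        self.pending = {}  # nonce -> expiry; an entry is removed on first use

    def challenge(self, now=None) -> bytes:
        now = time.monotonic() if now is None else now
        nonce = secrets.token_bytes(16)  # random, so unique with overwhelming probability
        self.pending[nonce] = now + self.ttl
        return nonce

    def verify(self, nonce: bytes, tag: bytes, now=None) -> bool:
        now = time.monotonic() if now is None else now
        expiry = self.pending.pop(nonce, None)  # consumed whether or not the tag is valid
        if expiry is None or now > expiry:
            return False  # unknown, already used (replay), or expired
        expected = hmac.new(self.key, self.derive(nonce), hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    srv = Server(key)
    n = srv.challenge()
    tag = respond(key, n)
    first, replay = srv.verify(n, tag), srv.verify(n, tag)
    n2 = srv.challenge(now=0.0)
    expired = srv.verify(n2, respond(key, n2), now=31.0)
    srv_plus = Server(key, derive=plus_one)
    n3 = srv_plus.challenge()
    plus_ok = srv_plus.verify(n3, respond(key, n3, plus_one))
    n4 = srv_plus.challenge()
    plus_mismatch = srv_plus.verify(n4, respond(key, n4))  # client forgot the +1
    return first, replay, expired, plus_ok, plus_mismatch
```

The replay protection comes from the server removing each nonce on first use; the +1 step adds nothing beyond requiring both sides to agree on it.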