Questions tagged [nonce]

A random number that is used only once. One communication partner generates it at the beginning of a communication, and the other partner has to send it back, so that an attacker cannot replay an earlier message.

85 questions
90 votes, 4 answers

What is the use of a client nonce?

After reading Part I of Ross Anderson's book, Security Engineering, and clarifying some topics on Wikipedia, I came across the idea of Client Nonce (cnonce). Ross never mentions it in his book and I'm struggling to understand the purpose it serves…
user2014
59 votes, 3 answers

When using AES and CBC, is it necessary to keep the IV secret?

If I encrypt some data with a randomly generated Key and Initialization Vector, then store all three pieces of information in the same table row; is it necessary to encrypt the IV as well as the Key? Simplified table structure: Encrypted data Key…
Stu Pegg
38 votes, 3 answers

How long should a random nonce be?

NIST provides good guidelines on the length of keys and hashes for various algorithms. But I don't see anything specifically on the length of a random or pseudo-random nonce (number used once). If there is a single good answer for a variety of…
nealmcb
35 votes, 1 answer

How does a nonce reset allow for decryption?

I'm sure that by now most InfoSec-lovers have heard about KRACK. If you haven't, check out this great explanation by a fellow StackExchanger. It's a new attack on WPA2 which allows for decryption and forging of packets in certain (and certainly…
FMaz
32 votes, 4 answers

Why does the SSL/TLS handshake have a client and server random?

In the SSL handshake both the client and server generate their respective random numbers. The client then generates a pre master secret and encrypts it with the server's public key. However, why can't the client just generate the pre master secret…
George Robinson
20 votes, 2 answers

OpenID Connect nonce replay attack

The openid connect specification adds a nonce parameter to the authorize endpoint, which must be echoed back as a claim in the id_token. It claims that the purpose of this parameter is to prevent replay attacks and has some implementation…
user3072507
15 votes, 2 answers

Purpose of nonce validation in OpenID Connect implicit flow

The OpenID Connect specification requires implicit flow clients to generate and validate a nonce: String value used to associate a Client session with an ID Token, and to mitigate replay attacks. What replay attacks are those? Put differently,…
meriton
13 votes, 2 answers

When to use a nonce?

I have trouble understanding nonces. I read a very good answer related to nonces by @Thomas Pornin, but it is too complicated for me as I am new to cryptography. From what I know, a nonce is used to validate a form upon submission and avoid resubmission…
Loonb
12 votes, 1 answer

SSL replay attack when client/server random is missing

Hey, studying the SSL protocol, I'm wondering how someone would be able to do a replay attack if the server nonce is missing. All the material I find says that nonces prevent it, but there are no examples which specify why or how.
ddayan
11 votes, 1 answer

TLS replay attack - requirements of the serverHello nonce

As you all know, the SSL/TLS protocol requires both client and server to exchange (in clear text) a random number or nonce. This is presumably used to prevent replay attacks. It is not clear to me what the server-side nonce requirement is. Must it…
Louis
10 votes, 1 answer

Is it possible to implement a nonce without storage?

I am looking at implementing an authentication module using an OAuth 2.0 Client and I am trying to avoid having any server state. I was going through a few other questions: When to use a nonce? Is it possible to have stateless server nonces in HTTP…
9 votes, 2 answers

What's the point of the nonce in CTR mode?

Does having a nonce in CTR mode actually improve security (vs. just using 1, 2, 3, etc. - basically a constant nonce of 0)? As far as I can tell, the best-case scenario security-wise is that the nonce could act as a sort of second key, which would…
9 votes, 3 answers

According to RFC 5246, are nonces in TLS useless (in terms of security) and if yes, why aren't they only random data?

I know the common usage of nonces in security (which is well described in this topic). However, when checking the SSL/TLS protocol, we can notice, according to the RFC, that nonces as ClientHello.random and ServerHello.random are sent in plaintext…
blingbou
9 votes, 1 answer

Is it possible to have stateless server nonces in HTTP Digest?

When implementing an HTTP Digest server, there's the issue of nonces. Server nonces (as opposed to client nonces) must be issued by the server; may be re-used by clients as long as the server allows it; the server knows nothing about which user will use the nonce…
mogsie
8 votes, 3 answers

How can salted, hashed password storage be combined with a plaintext, nonce and hash based authentication?

My understanding is as follows: To securely store a password (e.g. in a database), you use a hashing algorithm designed for this purpose (designed to be slow, e.g. bcrypt), and you use a unique salt for each password. This makes it hard/slow for…
Tim