a random number that is only used once. It is generated at the beginning of a communication by one communication partner and has to be sent back by the other one in order to prevent replay attacks.
Questions tagged [nonce]
85 questions
0
votes
3 answers
Multiple devices encrypting data using the same key?
I want to implement a service that can't read the data you store there.
The idea is that I, like in a password manager, use the password to derive a vault key, which is different from the authentication key, that is used to encrypt/decrypt the…
Gamer2015
0
votes
1 answer
How to guarantee only my client application can request a nonce?
I have a web site and a service in a server.
I'm developing the "Register User" and "Login" components.
I've searched on the internet and I've found two protocols to login user using 'nonce' and 'salt', here and here.
I've also found two…
rmmariano
0
votes
1 answer
Does OAuth2 state parameter need to be cryptographically secure?
In OAuth2, as part of the authorization request, we generate a random string and pass it with the state parameter, so that when we get the response, we can ascertain that the response is a result of our request.
In some examples, I've seen this…
Gigi
0
votes
0 answers
nonce encryption in https
I am thinking about using nonce and secure request to API Server. Is this the right implementation for using nonce?
PURPOSE
Protect API Server from Replay attack
Protect API Server from MITM attack
Protect Core API Server from Resource exhaustion…
ostrichegret
0
votes
1 answer
When encrypting password hashes, how to handle nonces?
I know that encrypting password hashes is a contentious issue. However, I have seen it recommended in some quarters. I know for instance that DropBox did this at one time with AES256. In these cases, all password hashes would be encrypted with one…
Prime
0
votes
1 answer
Hardening an asymmetric key based authentication process
The process involves two interested parties A (client) and B (server) and the attacker M. M is capable of intercepting all the communication between A and B (Man in the Middle) and even modify it. However A's private key has not been compromised.…
amitkriit
0
votes
1 answer
Is nonce of HMAC secured message considered secret?
Consider app using say, HMAC-SHA2, with securely pre-shared symmetric key. Are the nonces of exchanged messages considered secret as well?
Or in other words, does its easy predictability or even outright knowledge (plaintext) of nonce to attacker…
wondra
0
votes
1 answer
When And How To Generate Nonce For URL
I have a URL with a $_GET parameter that allows deleting of a record in my database, e.g. localhost/app/delete.php?id=4843.
The delete.php page only checks to see if the user is signed in and that they own the db record. Obviously, this creates the…
John S
-1
votes
1 answer
Is Nonce always +1 to replay replay attack?
I understand nonce is to prevent replay attack. May I know when server first sent nonce to you. Client then has to proceed to +1 the nonce sent by the server back? Is this always the case?
Is nonce made up of timestamp + random as well?
Killney
-3
votes
1 answer
Authentication protocol based on hash function
Is it possible that Alice can authenticate Bob without using any secret information except her password, i.e. they don't share anything else. If so, how can I authenticate Alice and ensure the integrity and confidentiality of the password in the…
Sara