Questions tagged [nonce]

A random number that is only used once. It is generated at the beginning of a communication by one communication partner and has to be sent back by the other one in order to prevent replay attacks.

85 questions
0 votes, 3 answers

Multiple devices encrypting data using the same key?

I want to implement a service that can't read the data you store there. The idea is that I, like in a password manager, use the password to derive a vault key, which is different from the authentication key, that is used to encrypt/decrypt the…
Gamer2015
0 votes, 1 answer

How to guarantee only my client application can request a nonce?

I have a web site and a service in a server. I'm developing the "Register User" and "Login" components. I've searched on the internet and I've found two protocols to log in a user using 'nonce' and 'salt', here and here. I've also found two…
rmmariano
0 votes, 1 answer

Does OAuth2 state parameter need to be cryptographically secure?

In OAuth2, as part of the authorization request, we generate a random string and pass it with the state parameter, so that when we get the response, we can ascertain that the response is a result of our request. In some examples, I've seen this…
Gigi
0 votes, 0 answers

nonce encryption in https

I am thinking about using nonce and secure request to API Server. Is this the right implementation for using nonce? PURPOSE: Protect API Server from Replay attack; Protect API Server from MITM attack; Protect Core API Server from Resource exhaustion…
0 votes, 1 answer

When encrypting password hashes, how to handle nonces?

I know that encrypting password hashes is a contentious issue. However, I have seen it recommended in some quarters. I know for instance that Dropbox did this at one time with AES256. In these cases, all password hashes would be encrypted with one…
Prime
0 votes, 1 answer

Hardening an asymmetric key based authentication process

The process involves two interested parties A (client) and B (server) and the attacker M. M is capable of intercepting all the communication between A and B (Man in the Middle) and even modifying it. However, A's private key has not been compromised.…
amitkriit
0 votes, 1 answer

Is nonce of HMAC secured message considered secret?

Consider an app using, say, HMAC-SHA2, with a securely pre-shared symmetric key. Are the nonces of exchanged messages considered secret as well? Or in other words, does its easy predictability or even outright knowledge (plaintext) of nonce to attacker…
wondra
0 votes, 1 answer

When And How To Generate Nonce For URL

I have a URL with a $_GET parameter that allows deleting of a record in my database, e.g. localhost/app/delete.php?id=4843. The delete.php page only checks to see if the user is signed in and that they own the db record. Obviously, this creates the…
John S
-1 votes, 1 answer

Is Nonce always +1 to replay replay attack?

I understand nonce is to prevent replay attack. May I know when server first sent nonce to you. Client then has to proceed to +1 the nonce sent by the server back? Is this always the case? Is nonce made up of timestamp + random as well?
Killney
-3 votes, 1 answer

Authentication protocol based on hash function

Is it possible that Alice can authenticate Bob without using any secret information except her password, i.e. they don't share anything else. If so, how can I authenticate Alice and ensure the integrity and confidentiality of the password in the…
Sara