nonce#

Nonce ("number used once") is, typically a randomly generated value (technically does not need to be a number) that's associated with a message in a cryptographic scheme and must be unique within some specified scope (such as a given time interval, or a session).[1]

Nonce typically used to prevent Replay attack.

For example, challenges used in challenge-response authentication protocols generally must not be repeated until authentication keys are changed, or there is a possibility of a Replay attack.

Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable.

More Information#

There might be more information for this subject on one of the following:

• Authorization Request Parameters
• Best Practices OpenID Connect
• Bitcoin block
• CCM
• CHACHA20-POLY1305
• Covert Redirect Vulnerability
• DIGEST-MD5
• Identity Token
• Identity Token Claims
• Identity Token Validation
• JSON Web Token Claims
• JSON Web Tokens
• Logout Token
• Nounce or Salt
• OAuth 2.0 Protocol Flows
• OAuth Parameters Registry
• One-time password device tokens
• OpenID Connect Flows
• Salsa20
• U-Prove
• Web Blog_blogentry_150617_1

---

• [#1] - What is the difference between hash salting and noncing? - based on information obtained 2016-10-28