nonce#
Nonce ("number used once") is typically a randomly generated value (technically it does not need to be a number) that is associated with a message in a cryptographic scheme and must be unique within some specified scope (such as a given time interval or a session).[1] A Nonce is typically used to prevent a Replay attack.
For example, challenges used in challenge-response authentication protocols generally must not be repeated until authentication keys are changed, or there is a possibility of a Replay attack.
Using a Nonce as a challenge is a different requirement from using a random challenge, because a Nonce may be predictable.
A Nonce may be used as an Initialization Vector; in that case it MUST only be non-repeating, and the required randomness is derived internally.
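The challenge-response case described above, as an added example that is not part of the original page: a verifier hands out counter-based challenges (predictable but non-repeating), accepts one response per challenge, and restarts the counter only when the key changes. The class and function names, the HMAC-SHA256 response and the keys are assumptions constructed for illustration.

```python
import hashlib
import hmac
import itertools


def respond(key: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the key by MACing the challenge."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Verifier:
    """Issues each challenge once per key; accepts one answer per challenge."""

    def __init__(self, key: bytes):
        self.rekey(key)

    def rekey(self, key: bytes) -> None:
        # The uniqueness scope is the key: a new key may restart the counter.
        self._key = key
        self._counter = itertools.count(1)  # predictable, but non-repeating
        self._outstanding = set()

    def new_challenge(self) -> bytes:
        nonce = next(self._counter).to_bytes(8, "big")
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:
            return False  # never issued, or already consumed (replay)
        self._outstanding.remove(nonce)  # single use, even on failure
        return hmac.compare_digest(respond(self._key, nonce), response)


def demo():
    old_key, new_key = b"constructed-key-1", b"constructed-key-2"
    v = Verifier(old_key)
    n1 = v.new_challenge()
    r1 = respond(old_key, n1)
    first = v.verify(n1, r1)                 # fresh challenge, correct answer
    replay = v.verify(n1, r1)                # same pair presented again
    stale = v.verify(v.new_challenge(), r1)  # old answer to a new challenge
    v.rekey(new_key)
    n3 = v.new_challenge()                   # counter restarted: equals n1
    reused = v.verify(n3, r1)                # old answer fails under new key
    return first, replay, stale, n3 == n1, reused


if __name__ == "__main__":
    print(demo())
```

Only the first verification succeeds; the challenge value reappears after the key change, but the response recorded under the old key no longer verifies.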
More Information#
There might be more information for this subject on one of the following:
- Authorization Code Flow
- Authorization Request Parameters
- Best Practices OpenID Connect
- Bitcoin block
- CCM
- CHACHA20-POLY1305
- Covert Redirect Vulnerability
- DIGEST-MD5
- Identity Token
- Identity Token Claims
- Identity Token Validation
- Initialization Vector
- JSON Web Token Claims
- JSON Web Tokens
- Logout Token
- Nounce or Salt
- OAuth 2.0 Protocol Flows
- OAuth 2.0 Security Best Current Practice
- OAuth Parameters Registry
- OAuth state parameter
- One-time password device tokens
- OpenID Connect Flows
- Proof Key for Code Exchange by OAuth Public Clients
- Salsa20
- U-Prove
- Web Blog_blogentry_150617_1
- [#1] - What is the difference between hash salting and noncing?
- based on information obtained 2016-10-28