See:
· Time-variant parameter
· Salt
· http://en.wikipedia.org/wiki/Nonce
A random value that is never repeated. It is used in cryptographic protocols to prevent 'replay' attacks.
A value used in security protocols that is never repeated with the same key. For example, nonces used as challenges in challenge-response authentication protocols must not be repeated until authentication keys are changed. Otherwise, there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable. [NIST-SP800-63:2013]
A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing the transmittal of live data rather than replayed data, thus detecting and protecting against replay attacks. [CNSSI_4009:2010]
(I) A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing liveness and thus detecting and protecting against replay attacks. (See: fresh.) [RFC4949:2007]
Nonce means 'for the present time' or 'for a single occasion or purpose', although the word is not often found in general use. A dictionary may note nonce words, those for which there is only a single textual instance.
In security engineering, a nonce is a 'number used once'. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in 'replay attacks'. For instance, nonces are used in HTTP digest access authentication to calculate an MD5 digest of the password. The nonces are different each time the 401 authentication challenge response code is presented, thus making the replay attack virtually impossible. Some also refer to Initialization Vectors as nonces for the above reasons. In order to ensure that a nonce is used only once it should be time-variant (including a suitably granular timestamp in its value), or generated with enough random bits to ensure a probabilistically insignificant chance of repeating a previously generated value.
http://en.wikipedia.org/wiki/Nonce
A non-repeating value, such as a counter, used in key management protocols to thwart replay and other types of attack. [x942]
A nonce is a time-variant parameter, such as a counter, random number, or time stamp, used in key management protocols to thwart message replay and other types of attacks. [X942]
http://www.garlic.com/~lynn/x9fgloss.htm
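The replay protection these definitions describe, as an added example that is not taken from any of the cited sources: a challenge-response verifier whose nonce combines a millisecond timestamp with 128 random bits and is accepted at most once. HMAC-SHA-256 is used here in place of the MD5 digest of HTTP digest authentication; the names Verifier, respond and demo, the key and the 30-second lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 30  # seconds a challenge stays valid (assumed value)


class Verifier:
    """Server side: issues nonces and accepts each one at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = {}  # nonce -> time it was issued

    def challenge(self, now=None) -> str:
        now = time.time() if now is None else now
        # Time-variant part plus 128 random bits, so a repeat is negligible.
        nonce = f"{int(now * 1000)}-{secrets.token_hex(16)}"
        self.outstanding[nonce] = now
        return nonce

    def verify(self, nonce: str, response: str, now=None) -> bool:
        now = time.time() if now is None else now
        # pop() consumes the nonce: a second use finds nothing and fails.
        issued = self.outstanding.pop(nonce, None)
        if issued is None or now - issued > NONCE_TTL:
            return False
        expected = respond(self.key, nonce)
        return hmac.compare_digest(expected, response)


def respond(key: bytes, nonce: str) -> str:
    """Client side: prove knowledge of the key for this nonce only."""
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()


def demo():
    key = b"constructed-demo-key"  # constructed sample secret
    server = Verifier(key)
    n1 = server.challenge(now=1000.0)
    captured = respond(key, n1)
    first = server.verify(n1, captured, now=1001.0)   # live exchange
    replay = server.verify(n1, captured, now=1002.0)  # same message resent
    n2 = server.challenge(now=1003.0)
    cross = server.verify(n2, captured, now=1004.0)   # old response, new nonce
    n3 = server.challenge(now=2000.0)
    stale = server.verify(n3, respond(key, n3), now=2000.0 + NONCE_TTL + 1)
    return first, replay, cross, stale
```

demo() returns one flag per case: only the live exchange verifies, while the resent message, the old response against a fresh nonce, and the expired challenge are all rejected.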
Related topics