In cryptography, a nonce is a random number that is only used once by an authentication protocol in a particular communication. Nonces are commonly employed to thwart replay attacks.
The term “nonce” is an abbreviation of “number only used once.” Nonce values are typically created using random number generators (or other algorithms that are able to generate unique values based on various system parameters).
How nonces prevent replay attacks
In a replay attack, the attacker intercepts a valid message and reuses it to impersonate the legitimate user. Adding a nonce to each message helps prevent these attacks — if the hackers try to replay an intercepted message, the receiving system can recognize the nonce and automatically repel the attempt.
Real nonce usage examples
- Three-way handshake: In a three-way handshake, every message in the authentication exchange (the SYN message from the source, the ACK message from the receiver, and the final SYN-ACK reply) contains a nonce to prevent third parties from hijacking the authentication process and gaining unauthorized access.
- Four-way handshake: Like in a three-way handshake, every message in a four-way handshake between the wireless access point and the client contains a nonce for security.
- Proof-of-work (POW) systems: Nonces are used in various POW systems (such as cryptocurrency blockchains) to adjust their difficulty.