Questions tagged [nonce]
a random number that is only used once. It is generated at the beginning of a communication by one communication partner and has to be sent back by the other one in order to prevent replay attacks.
91 questions
5
votes
2
answers
1k
views
What's a good way to append a nonce to ciphertext in Python for AES GCM in Python?
I'm not a security expert, so please excuse this question if it's silly, but I would really like an answer. I am using AES GCM to encrypt and would like to combine the randomly generated nonce with ...
- 53
0
votes
0
answers
31
views
Balancing security with usability when using nonce for CSRF protection [duplicate]
How does one balance security and usability when using nonces on a website?
Imagine a website where the same nonce is embedded in the page, and stored in the browser session.
If I were to replace the ...
- 2,169
2
votes
1
answer
558
views
Is it secure to send JWT tokens in url query parameters if we use nonce to make it a one time token?
Websockets don't support sending auth tokens during websocket handshake as part of HTTP headers, rather only via query parameters. This has a security risk of leaking these tokens in server logs. ...
4
votes
1
answer
2k
views
What purpose do nonces serve in the TLS 1.3 handshake?
In general, I understand that nonces are used to prevent replay attacks, but in the case of a TLS 1.3 handshake, the Client/Server Hello message contains their public keys. Considering that keys are ...
- 43
1
vote
1
answer
339
views
Possible scenario for replay attack in acme protocol
The ACME protocol defines the use of a replay nonce to prevent replay attacks.
I understand what replay attacks are and why it's important to prevent them in certain scenarios. But I can't think of a ...
- 63
6
votes
1
answer
770
views
Adding salt to TOTP
I'm building an high velocity auth system, used both for user to machine and machine to machine authentication and authorization. To prevent a replay attack I'm adding a nonce to each request, but in ...
- 233
4
votes
2
answers
875
views
How to properly manage WebAuthn challenges?
I'm in the process of evaluating adding WebAuthn/Passkey support to a website, and I'm not really sure how to properly manage challenge nonces.
My understanding is that the main reason for using ...
- 201
0
votes
2
answers
437
views
Verifying that certain data is encrypted (or at least indistinguishable from random data)
Question
The question is in the title, but here are more details:
I want my server to have an upload endpoint (single POST for small data or multipart for larger data) where clients can upload data.
...
- 3
1
vote
1
answer
3k
views
What is cnonce in Digest Authentication
In digest authentication we use something that is called cnonce.
According to RFC7616:
This parameter MUST be used by all implementations. The cnonce value is an opaque quoted ASCII-only string value ...
- 133
2
votes
0
answers
85
views
How to obtain "wp_rest" nonce for WP Statistics plugin manually?
During my pentest of a client's websites I stumbled upon the WP with vulnerable WP Statistics plugin installed.
To exploit this vulnerability, I should send a JSON-API request to endpoint /json-api/wp-...
- 121
2
votes
1
answer
703
views
Openid nonce replay attack in auth code flow
Looking at this question Openid connect nonce replay attack and the answer by @benbotto. I understand the replay attack in implicit flow but unable to understand it for auth code flow. Let's say an ...
- 21
1
vote
1
answer
289
views
Can I use part of PBKDF2 output as an IV (nonce)?
SHA-256 generates a 32-byte hash, Is it a safe practice to use the first 16 as an iv (nonce) and the second 16 as a key ?
What other things I should consider when using PBKDF2 in a scenario like this ?...
- 1,229
0
votes
0
answers
181
views
Using predictable incrementing nonces
I need validation / feedback please with the implementation of a web based client-server application that I am building.
I need to make sure that a client's cookies can't be hijacked and therefore I ...
0
votes
3
answers
901
views
Multiple devices encrypting data using the same key?
I want to implement a service that can't read the data you store there.
The Idea is that I, like in a password manager, use the password to derive a vault key, which is different from the ...
- 737
1
vote
0
answers
225
views
Web authentication, replay, nonce and KEK
I am trying to figure out how to build a secure, playback-proof, web authentication scheme and at the same time be able to use a KEK at the server.
After a lot of reading it seems that a reasonable ...
1
vote
1
answer
324
views
Is nonce useless when user input is reflected within an inline script?
I stumbled upon a web app which is accepting user input and putting it into a variable within script tag.
The script tag does have a nonce attribute.
As am working on bypassing the XSS filter, I had ...
- 345
0
votes
1
answer
306
views
How to guarantee only my client application can request a nonce?
I have a web site and a service in a server.
I'm developing the "Register User" and "Login" components.
I've searched on the internet and I've found two protocols to login user ...
- 103
1
vote
1
answer
764
views
Does OAuth2 state parameter need to be cryptographically secure?
In OAuth2, as part of the authorization request, we generate a random string and pass it with the state parameter, so that when we get the response, we can ascertain that the response is a result of ...
- 1,370
3
votes
2
answers
5k
views
NONCE not supported in Asp.Net for CSP implementation
Is NONCE supported in Asp.Net when implementing the Content-Security-Policy header to protect from XSS ??
I read that NONCE was not supported in Asp.Net, however, I read another simple article, that ...
- 171
3
votes
0
answers
269
views
Shopify OAuth: State parameter useful when the auth server also returns a signed shop id?
Background: I think I understand how the state parameter is used in oAuth to prevent CSFR attacks against the redirect_uri.
Situation: I am looking at this in the context of implementing a Shopify App ...
- 131
2
votes
1
answer
371
views
How were Cryptographic nonces used in the Yahoo! data breach?
How does an attacker use Cryptographic nonces to generate access cookies through a script on a server? As what happened to Yahoo! servers.
0
votes
0
answers
251
views
nonce encryption in https
I am thinking about using nonce and secure request to API Server. Is this the right implementation for using nonce?
PURPOSE
Protect API Server from Replay attack
Protect API Server from MITM attack
...
0
votes
1
answer
783
views
When encrypting password hashes, how to handle nonces?
I know that encrypting password hashes is a contentious issue. However, I have seen it recommended in some quarters. I know for instance that DropBox did this at one time with AES256. In these cases, ...
- 514
1
vote
0
answers
462
views
Does using both a counter and a random nonce make sense for the purpose of reducing the likelihood of replay attacks?
I am aware that using a counter or a random value are both acceptable ways of generating nonces, depending on the circumstances.
The tradeoff with using a counter is the necessity to keep state and ...
- 146
0
votes
1
answer
700
views
Hardening a asymmetric key based authentication process
The process involves two interested parties A (client) and B (server) and the attacker M. M is capable of intercepting all the communication between A and B (Man in the Middle) and even modify it. ...
2
votes
1
answer
1k
views
How to identify the sender of a message in asymmetric encryption?
I am working on a chat application, and I am trying to secure the communication by using asymmetric encryption. I am able to encrypt a message with the receiver's public key and decrypt a message with ...
Bab
1
vote
2
answers
338
views
Bloom filter to prevent replay attacks in signed HTTP requests
I'm thinking about an authentication sheme of a REST API in a setting where the only thing the server stores about a client, is their public key (the asymmetric encryption scheme should not matter). ...
- 111
1
vote
1
answer
2k
views
AEAD and nonces explained in layman's terms (Symmetric encryption example using Libsodium)
After almost 4 days of work, I've finally gotten Libsodium crypto_aead_xchacha20poly1305_ietf_encrypt to work and produce the same result in JavaScript and PHP.
But I'm confused.
The PHPDoc ...
- 335
7
votes
2
answers
4k
views
How to store nonce and key when working with libsodium secretbox?
Why am I asking?
I am very new to cryptography (so please be patient with me...) and I want to avoid making unnecessary mistakes. I did a lot of research, but - other than with most other programming ...
- 179
2
votes
1
answer
936
views
If we use only client nonce and not server nonce, which attack vectors become possible?
As we all know, nonce is needed to prevent replay attacks. Everywhere I read about nonce, I see that client always fetches one from the server, and, to improve security even more, it also can add its ...
- 195
1
vote
0
answers
151
views
Re-using the hash value of password to server by malicious actor
Let's say Alice logged into https://www.facebook.com with her email and password:
Email:
[email protected]
Password:
correctHorseShoeBattery
Nonce given by ...
- 413
-1
votes
1
answer
538
views
Is Nonce always +1 to replay replay attack?
i understand nonce is to prevent replay attack. May i know when server first sent nonce to you. Client then has to proceed to +1 the nonce sent by the server back? IS this always the case?
Is nonce ...
- 413
0
votes
1
answer
977
views
Is nonce of HMAC secured message considered secret?
Consider app using say, HMAC-SHA2, with securely pre-shared symmetric key. Are the nonces of exchanged messages considered secret as well?
Or in other words, does its easy predictability or even ...
- 103
1
vote
1
answer
2k
views
What's the purpose of the client nonce in SSL?
I'm having difficulty understanding the impact the client nonce has. I understand that the server nonce can prevent the replay attack. Isn't the client nonce an unnecessary part of the replay attack ...
user167034
2
votes
1
answer
953
views
Why is salt+nonce authentication over insecure channel vulnerable to man-in-the-middle attack?
In a network connection over an insecure channel I do the following:
Server sends database salt and a nonce to the client;
Client computes and sends hash(hash(pwd + salt) + nonce);
Server computes ...
- 135
0
votes
1
answer
3k
views
When And How To Generate Nonce For URL
I have a url with a $_GET parameter that allows deleting of a record in my database, eg. localhost/app/delete.php?id=4843.
The delete.php page only checks to see if the user is signed in and that ...
- 1
4
votes
1
answer
354
views
Is this the correct flow of the KRACK attack?
I am not cryptography expert so please forgive this basic question. I am trying to understand how the flow of the KRACK attack takes place in order to better understand why the encryption protocol ...
- 275
34
votes
1
answer
4k
views
How does a nonce reset allow for decryption?
I'm sure that by now most InfoSec-lovers have heard about KRACK.
If you haven't, check out this great explaination by a fellow StackExchanger.
It's a new attack on WPA2 which allows for decryption ...
- 472
8
votes
3
answers
4k
views
What is the use of nonces in HTTPS APIs
I have used APIs that require a nonce for every request. If HTTPS requests are not replayable, seen here https://stackoverflow.com/a/2770133/2800469, what is the reason to require nonces for HTTPS ...
- 181
2
votes
1
answer
2k
views
How to synchronize a nonce between two participants?
I am currently working with a symmetric algorithm which requires a nonce for encryption, and logically for decryption as well.
However, I am a bit confused about how I would go and synchronize the ...
- 145
24
votes
2
answers
8k
views
Openid connect nonce replay attack
The openid connect specification adds a nonce parameter to the authorize endpoint, which must be echoed back as a claim in the id_token. It claims that the purpose of this parameter is to prevent ...
- 341
1
vote
3
answers
344
views
How to only send hashed passwords while not storing passwords in plaintext on the sever?
In a web-based auth system I do the following:
Client: Ask the server for a "nonce".
Client: Generate a "cnonce".
Client: hash(nonce + cnonce + password)
Client: Send cnonce and the hash from point ...
- 13
1
vote
2
answers
474
views
How do I secure a nonce value within app whose source code is public?
I am developing a plugin for Nylas N1 (implements Node). The plugin will be using an implicit flow to authenticate the user, as I understand that is the best way to handle client-side applications. I ...
6
votes
3
answers
4k
views
AES use same Nonce security risk?
If I use AES-GCM and encrypt data with a 128 Bit Key and always use the same Nonce.
Is using the same nonce a security risk? Can a hacker guess the Key?
Or is the Nonce only to verify that the ...
- 225
2
votes
1
answer
5k
views
WPA/WPA2 Handshake -- A question on the computation of the MIC
During the WPA/WPA2 4-way handshake, the first two steps are as follows. (1) The AP sends an ANonce to the client, (2) The client computes its own Nonce (SNonce), computes the Preshared Transient Key (...
- 1,576
5
votes
2
answers
10k
views
Preventing resubmission and replay attack using client nonce in REST API
I have a REST API backend which has HTTPS (and blocked HTTP) and use JWT as the authentication mechanism. The client side is iOS/Android app. I want to add a layer of safeguard on critical API by ...
- 153
8
votes
1
answer
2k
views
Why isn't Amazon using a NONCE for REST Authentication?
When you look at Amazons RESTAuthentication you can see that it doesn't use a nonce:
Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
Signature = Base64( HMAC-SHA1( ...
- 181
1
vote
1
answer
2k
views
How does (Py)NaCl work exactly?
At the moment, I deal with PyNaCl (Docs) and have a question about it:
My situation is that I want to create a server that interacts with clients. Both the server and the client will have a long-term ...
- 899
3
votes
1
answer
1k
views
Is it ok to append the nonce/iv to the ciphertext when using AES GCM?
I want to use AES GCM to encrypt data at rest. When retrieving the data, I want to make sure that the key is valid and the data has not been tempered with. Can I store the nonce/iv along with the ...
- 247
3
votes
1
answer
3k
views
Replay attack example for validating nonce?
I am trying to validate a JWT token received from Windows Azure. I am following the documentation here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-tokens/#validating-...
- 145