Nonce

from Wikipedia, the free encyclopedia

A nonce describes a temporary word, a sequence of letters or numbers that were chosen for a short time with the intention of being replaced by something better soon.

origin

The English word “nonce” goes back to the medieval phrase “for the nonce” = “for this once, for the time being” ( resulting from “for þan anes” through re- segmentation in Middle English ), ie a provisional statement or regulation that will soon apply change is. The use walked in the printing industry to "nonce word" = "preliminary word placeholder". In linguistics , also called an "nonce word" (German " nonce ") which spontaneously invented word to (possibly temporary) designation of a thing for it as yet been no appropriate designation.

Use in cryptography

Typical client-server communication using nonce-based authentication of the client. If the server returns a nonce twice, a previously recorded response from the client can be used using the same nonce to authenticate without knowing the password.

In cryptography , the term nonce (abbreviation for: "used only once" or "number used once" ) was used to denote a combination of numbers or letters that is only used once in the respective context. In many protocols, the security of the process is compromised if a nonce is used twice. Similar to the use of weak random numbers, this error is difficult to detect because the protocols usually still work when viewed from the outside, but are easily vulnerable to attack. Typical ways of generating a nonce are the use of (cryptographically secure) random values ​​that are sufficiently large that the probability of double use is negligible (see birthday paradox ), or the use of a counter. Nonces are used, for example, to prevent replay attacks .

Nonce are used in SSL / TLS , for example .

Footnotes

  1. ^ Douglas Harper: nonce. In: Online Etymology Dictionary. Retrieved June 2, 2013 .
  2. Quark was originally chosen as the nonce word for a “particle class yet to be named”, but then spread in this form
  3. http://www.dict.cc/englisch-deutsch/nonce.html
  4. ^ Roger M. Needham, Michael D. Schroeder: Using encryption for authentication in large networks of computers . In: ACM (Ed.): Communications of the ACM . tape 21 , no. December 12 , 1978, ISSN  0001-0782 , pp. 993-999 , doi : 10.1145 / 359657.359659 .
  5. ^ Ross Anderson : Security Engineering. A Guide to Building Dependable Distributed Systems . Wiley, 2001, ISBN 0-471-38922-6 , pp. 15 ( cam.ac.uk ).