What type of attack can a nonce defend against?

replay attacks
Definition(s): A random or non-repeating value that is included in data exchanged by a protocol, usually for the purpose of guaranteeing the transmittal of live data rather than replayed data, thus detecting and protecting against replay attacks.

What is a client nonce?

The client nonce is there to protect the client against a replay attack. Without the client nonce, an attacker could intercept the initial request for a nonce by CS, and respond with an old nonce that the server used previously.

Are all stream ciphers perfectly secret?

The key of a stream cipher is no longer as long as the original message. Hence, it can no longer guarantee “perfect secrecy”. However, it can still achieve a strong level of security.

Can a replay attack work with a client nonce?

A replay attack won’t work (because the server is keeping track of the client nonces). The attacker can’t just generate a new message with a new client nonce, because it doesn’t know how to sign the new message appropriately (i.e. it lacks the client secret, or private key).
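The check described above, as an added example that is not part of the original page: a server verifies an HMAC-SHA256 tag over the client nonce and message, and remembers the nonces it has accepted. The `Server` class, the `sign` helper and the sample message are constructed for illustration, and a shared secret stands in for the client secret the text mentions.

```python
import hashlib
import hmac
import secrets


def sign(secret: bytes, message: bytes, cnonce: bytes) -> bytes:
    # Length-prefix the nonce so the nonce/message boundary is unambiguous.
    data = len(cnonce).to_bytes(2, "big") + cnonce + message
    return hmac.new(secret, data, hashlib.sha256).digest()


class Server:
    """Hypothetical verifier: checks the tag, then rejects reused client nonces."""

    def __init__(self, client_secret: bytes):
        self._secret = client_secret
        self._seen = set()  # client nonces already accepted

    def verify(self, message: bytes, cnonce: bytes, tag: bytes) -> str:
        expected = sign(self._secret, message, cnonce)
        # Constant-time comparison; only authenticated nonces are recorded,
        # so unauthenticated traffic cannot fill the seen-set.
        if not hmac.compare_digest(expected, tag):
            return "bad-signature"
        if cnonce in self._seen:
            return "replay"
        self._seen.add(cnonce)
        return "ok"


def demo() -> list:
    secret = secrets.token_bytes(32)      # constructed client secret
    server = Server(secret)
    msg = b"transfer 10 to bob"           # constructed sample message
    cnonce = secrets.token_bytes(16)
    tag = sign(secret, msg, cnonce)

    results = [server.verify(msg, cnonce, tag)]       # legitimate request
    results.append(server.verify(msg, cnonce, tag))   # same bytes resent
    # Fresh nonce but no secret: the old tag no longer matches.
    results.append(server.verify(msg, secrets.token_bytes(16), tag))
    return results


if __name__ == "__main__":
    print(demo())
```
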

Why is the use of a client nonce important?

Given that the body of the message can change (essentially having no effect on the hash), it’s important to have something else that will change (i.e. the nonce) to make sure that requests are unique. Given the open/plain text nature of HTTP, this is pretty important.

Which is the greatest vulnerability of a nonce?

If a person can sniff and insert packets, the greatest vulnerability is a man-in-the-middle attack which neither a nonce nor a cnonce can overcome, therefore making both meaningless.

Can you generate a password from a nonce?

Eve can’t generate h(password || nonce) from h(password || fake_nonce), and in theory it seems like the server shouldn’t accept h(password || fake_nonce) anyway, since the server should know what nonces it’s issued and what nonces it hasn’t.