A random value
that is never repeated. It is used in cryptographic protocols to
prevent replay attacks.
A value used in security
protocols that is never repeated with the same key. For example, nonces used as
challenges in challenge-response authentication protocols must not be repeated
until authentication keys are changed. Otherwise, there is a possibility of a
replay attack. Using a nonce as a challenge is a different requirement than a
random challenge, because a nonce is not necessarily unpredictable. [NIST-SP800-63:2013]
A random or non-repeating
value that is included in data exchanged by a protocol, usually for the purpose
of guaranteeing the transmittal of live data rather than replayed data, thus
detecting and protecting against replay attacks. [CNSSI_4009:2010]
(I) A random or
non-repeating value that is included in data exchanged by a protocol, usually
for the purpose of guaranteeing liveness and thus detecting and protecting
against replay attacks. (See: fresh.)
[RFC4949:2007]
Nonce means 'for the present
time' or 'for a single occasion or purpose', although the word is not often
found in general use. A dictionary may note nonce words, those for which there
is only a single textual instance.
In security engineering, a
nonce is a 'number used once'. It is often a random or pseudo-random number
issued in an authentication protocol to ensure that old communications cannot
be reused in 'replay attacks'. For instance, nonces are used in HTTP digest
access authentication to calculate an MD5 digest of the password. The nonces
are different each time the 401 authentication challenge response code is
presented, thus making the replay attack virtually impossible. Some also refer
to Initialization Vectors as nonces for the above reasons. In order to ensure
that a nonce is used only once it should be time-variant (including a suitably
granular timestamp in its value), or generated with enough random bits to
ensure a probabilistically insignificant chance of repeating a previously
generated value.
http://en.wikipedia.org/wiki/Nonce
A non-repeating value, such
as a counter, used in key management protocols to thwart replay and other types
of attack. [X942]
A nonce is a time-variant
parameter, such as a counter, random number, or time stamp, used in key
management protocols to thwart message replay and other types of attacks. [X942]
http://www.garlic.com/~lynn/x9fgloss.htm
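
The challenge-response use of a nonce described in the definitions above, as an added example that is not taken from any of the quoted sources. The HMAC-SHA-256 response, the 30-second lifetime, the injectable clock and all names (`Verifier`, `respond`, `demo`) are assumptions made for illustration; the key is a constructed sample value.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL = 30.0  # seconds a challenge stays valid (assumed value)


class Verifier:
    """Server side: issues nonces and accepts each one at most once."""

    def __init__(self, key, clock=time.monotonic):
        self._key = key
        self._clock = clock
        self._outstanding = {}  # nonce -> expiry time

    def challenge(self):
        # 128 random bits: the chance of repeating an earlier value is negligible.
        nonce = secrets.token_bytes(16)
        self._outstanding[nonce] = self._clock() + NONCE_TTL
        return nonce

    def verify(self, nonce, response):
        # pop() consumes the nonce, so a captured (nonce, response) pair
        # is rejected the second time even though its MAC is still valid.
        expiry = self._outstanding.pop(nonce, None)
        if expiry is None or self._clock() > expiry:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def respond(key, nonce):
    """Client side: proves knowledge of the key for this nonce only."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def demo():
    key = b"constructed-shared-key"  # constructed sample value
    now = [0.0]  # fake clock so the expiry case runs instantly
    server = Verifier(key, clock=lambda: now[0])
    n1 = server.challenge()
    r1 = respond(key, n1)
    first = server.verify(n1, r1)            # fresh nonce, valid response
    replay = server.verify(n1, r1)           # same pair presented again
    stale = server.verify(server.challenge(), r1)  # old response, new nonce
    n3 = server.challenge()
    now[0] += NONCE_TTL + 1                  # let the challenge expire
    expired = server.verify(n3, respond(key, n3))
    return first, replay, stale, expired
```

Only the first verification succeeds; the replayed pair, the old response against a new nonce, and the expired challenge are all rejected.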