Security Encyclopedia

Nonce

A nonce in cryptography is a number used to protect private communications by preventing replay attacks.

Nonces are random or pseudo-random numbers that authentication protocols attach to communications. Sometimes these numbers include a timestamp to limit how long a given communication remains valid. If a subsequent request to a server, for example during digest access authentication with a username and password, carries the wrong nonce and/or an expired timestamp, the server rejects it. Used in this way, nonces defeat replay attacks, in which an attacker resends previously captured communications in order to impersonate a legitimate party and gain access.
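The following is an added example, not part of this encyclopedia entry: a server-side nonce issuer and checker in the spirit of the digest-authentication case above. The nonce format (timestamp, random part, and an HMAC tag under a server secret), the 300-second lifetime, and the `SERVER_SECRET` value are assumptions chosen for illustration; the checker rejects forged, stale, and replayed nonces.

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed secret for this example only; a real server loads a
# high-entropy secret from protected configuration.
SERVER_SECRET = b"example-server-secret-not-for-production"
NONCE_LIFETIME = 300  # seconds a freshly issued nonce stays acceptable (assumed)


def issue_nonce(now=None):
    """Return base64("<timestamp>:<random>:<tag>"). The tag is an HMAC over the
    timestamp and random part, so a client cannot mint or back-date nonces."""
    ts = str(int(time.time() if now is None else now))
    rnd = os.urandom(8).hex()
    tag = hmac.new(SERVER_SECRET, f"{ts}:{rnd}".encode(), hashlib.sha256).hexdigest()
    return base64.b64encode(f"{ts}:{rnd}:{tag}".encode()).decode()


class NonceChecker:
    """Accept each nonce at most once, and only while its timestamp is fresh."""

    def __init__(self):
        self.seen = set()  # nonces already consumed by a successful request

    def check(self, nonce, now=None):
        now = time.time() if now is None else now
        try:
            ts, rnd, tag = base64.b64decode(nonce).decode().split(":")
        except (ValueError, UnicodeDecodeError):
            return "malformed"
        expected = hmac.new(SERVER_SECRET, f"{ts}:{rnd}".encode(), hashlib.sha256).hexdigest()
        # Constant-time compare: a tag mismatch means the nonce was not issued by us.
        if not hmac.compare_digest(tag, expected):
            return "forged"
        if now - int(ts) > NONCE_LIFETIME:
            return "stale"
        # The replay check: a second presentation of the same nonce is refused
        # even though its tag and timestamp are otherwise valid.
        if nonce in self.seen:
            return "replayed"
        self.seen.add(nonce)
        return "ok"
```

In a real deployment the `seen` set would live in shared storage and be pruned once entries pass `NONCE_LIFETIME`, since anything older is rejected as stale regardless.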

Example:

“A nonce introduces randomness, and sometimes time-stamping, into communications so that the application can verify the user. This added uniqueness makes it impossible for hackers to use prior communications to impersonate the legitimate parties for nefarious purposes.”