Security Encyclopedia


A nonce in cryptography is a number used to protect private communications by preventing replay attacks.

Nonces are random or pseudo-random numbers that authentication protocols attach to communications. Sometimes these numbers include a timestamp to intensity the fleeting nature of these communications. If subsequent requests to a server, for example during digest access authentication via username and password, contain the wrong nonce and/or timestamp, they are rejected. When used in this way, nonces prevent replay attacks that rely on impersonating prior communications in order to gain access.


“A nonce introduces randomness, and sometimes time-stamping, into communications so that the application can verify the user. This added uniqueness makes it impossible for hackers to use prior communications to impersonate the legitimate parties for nefarious purposes.”

Share This Post
Schedule A Demo