---
title: Nonce
slug: Glossary/Nonce
page-type: glossary-definition
sidebar: glossarysidebar
---

In cryptography and computer security, a **nonce** is an arbitrary number that is used **only once** in a cryptographic communication. The term is derived from "number used once" and is commonly employed to prevent replay attacks, ensure message freshness, and add randomness to cryptographic protocols.

Nonces are frequently used in authentication protocols, encryption schemes, hashing, and digital signatures. They may be generated randomly or pseudo-randomly, or derived deterministically, depending on the application and security requirements.

In web security, nonces are commonly used in mechanisms such as **Content Security Policy (CSP)** to allow specific scripts to execute while preventing cross-site scripting (XSS) attacks. In cryptographic protocols like {{Glossary("TLS")}}, nonces help ensure that each session is unique.
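
The replay-prevention use described above, shown as an added example for Node.js (it is not part of the original glossary entry). The `Verifier` class, the helper names, the one-minute lifetime, and the shared demo key are all assumptions made for illustration.

```javascript
const { randomBytes, createHmac, timingSafeEqual } = require("node:crypto");

const SHARED_KEY = randomBytes(32); // constructed demo key, known to both sides
const NONCE_TTL_MS = 60_000; // assumption: a nonce stays valid for one minute

class Verifier {
  issued = new Map(); // nonce -> expiry timestamp (ms)

  // Server side: hand out a fresh, unpredictable nonce for one request.
  issueNonce(now = Date.now()) {
    const nonce = randomBytes(16).toString("base64url");
    this.issued.set(nonce, now + NONCE_TTL_MS);
    return nonce;
  }

  // Server side: accept a request only if its nonce was issued here, has not
  // been consumed or expired, and the MAC covers both nonce and message.
  verify({ nonce, message, mac }, now = Date.now()) {
    const expiry = this.issued.get(nonce);
    if (expiry === undefined) return "rejected: unknown or already used nonce";
    this.issued.delete(nonce); // consume on first sight, even if the MAC is bad
    if (now > expiry) return "rejected: nonce expired";
    const expected = sign(nonce, message);
    const given = Buffer.from(String(mac), "hex");
    if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
      return "rejected: bad MAC";
    }
    return "accepted";
  }
}

// Both sides: HMAC-SHA-256 over the nonce and the message. The base64url
// nonce never contains "\n", so the separator is unambiguous.
function sign(nonce, message) {
  return createHmac("sha256", SHARED_KEY).update(`${nonce}\n${message}`).digest();
}

// Client side: bind the message to the nonce the server just issued.
function buildRequest(nonce, message) {
  return { nonce, message, mac: sign(nonce, message).toString("hex") };
}

// A valid request is accepted once; the identical captured copy is refused.
function demo() {
  const server = new Verifier();
  const request = buildRequest(server.issueNonce(), "transfer 10 to alice");
  const first = server.verify(request);
  const replay = server.verify(request); // same bytes sent a second time
  return { first, replay };
}
```
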
## See also
- [Cryptographic nonce](https://en.wikipedia.org/wiki/Cryptographic_nonce) on Wikipedia
- [Content Security Policy (CSP)](/en-US/docs/Web/HTTP/Guides/CSP)
- [Replay attack](https://en.wikipedia.org/wiki/Replay_attack) on Wikipedia
- Related glossary terms:
  - {{Glossary("cryptography")}}
  - {{Glossary("encryption")}}
  - {{Glossary("Hash function", "hash")}}
  - {{Glossary("TLS")}}
  - {{Glossary("authentication")}}