In challenge-response mechanisms (and other systems), it is advised not to use time-based nonces.
Why should they be avoided?
(Disclaimer: I have no degree in crypto, everything I wrote is just a layman's opinion.)
Using time-based nonces is discouraged because they are likely to collide incidentally and are easy to implement in a wrong way.
Nonces (“numbers used only once”) are not the same thing as secret keys or initialization vectors. The ciphers that use them are usually designed bearing in mind that:
So, it's perfectly okay to select zero as the starting nonce and increment it before sending each successive message. Nonce predictability is not an issue at all.
The sole reason why time-based nonces are discouraged is probable backward clock adjustments. If your system's NTP service rewinds your clock two seconds backward, then you are likely to send two encrypted messages with the same nonce within a short period of time. If you can guarantee that no clock rewinds will ever happen, then go ahead.
Another point against time-based nonces is that the clock resolution may not be enough to provide each message with a unique number.
UPD:
Using counter-based or time-based nonces is safe in terms of encryption strength. However, they may weaken your security system by providing the attacker with additional information, namely: how many messages your system has already sent, what the average message rate is, how many clients it serves simultaneously, and so on. The attacker may be able to use this information to their advantage. That's called a side-channel attack.
See also:
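The two failure modes the answer describes, a clock rewind and a clock tick too coarse for the message rate, can be reproduced without any real cryptography: a nonce scheme is only sound if it never hands out the same value twice under one key. The following Python is an added example and is not code from the question or the answer. The clock readings are constructed sample data rather than real system time, and the "monotonic" variant is an assumption of mine about how a time-derived nonce could be hardened, not something the answer proposes; the answer's own recommendation is the plain counter.

```python
"""Added example (not part of the original question or answer): simulate the two
failure modes the answer describes, a clock rewind and coarse clock resolution,
and compare a naive time-based nonce with a counter-based one.  All clock
readings below are constructed sample data, not real system time."""

from typing import List

NONCE_BYTES = 12  # 96-bit nonce, the size AES-GCM and ChaCha20-Poly1305 expect

# Constructed clock readings, whole seconds.  After the third reading the NTP
# service steps the clock back two seconds, so 1001 and 1002 are observed again.
CLOCK_WITH_REWIND: List[int] = [1000, 1001, 1002, 1001, 1002, 1003]

# Constructed clock readings where two messages go out within the same tick.
CLOCK_COARSE: List[int] = [1000, 1000, 1001]


def time_nonces(clock: List[int]) -> List[bytes]:
    """Naive scheme: the nonce is the clock reading itself, big-endian padded."""
    return [t.to_bytes(NONCE_BYTES, "big") for t in clock]


def counter_nonces(count: int) -> List[bytes]:
    """Counter scheme from the answer: start at zero, increment per message.
    Predictable, but that is not a problem for a nonce; uniqueness is."""
    return [i.to_bytes(NONCE_BYTES, "big") for i in range(count)]


def monotonic_time_nonces(clock: List[int]) -> List[bytes]:
    """Hardened time-derived scheme (my assumption, not the answer's proposal):
    remember the last value issued and never emit anything <= it, so a rewind
    or a repeated tick is absorbed by advancing past the last nonce.  The value
    may then run ahead of the wall clock, which is harmless for a nonce."""
    last = -1
    out: List[bytes] = []
    for t in clock:
        if t <= last:
            t = last + 1
        last = t
        out.append(t.to_bytes(NONCE_BYTES, "big"))
    return out


def duplicate_count(nonces: List[bytes]) -> int:
    """Number of nonces that repeat an earlier one: this must be zero."""
    seen = set()
    dups = 0
    for n in nonces:
        if n in seen:
            dups += 1
        seen.add(n)
    return dups


if __name__ == "__main__":
    print("time-based, clock rewind :", duplicate_count(time_nonces(CLOCK_WITH_REWIND)))
    print("time-based, coarse clock :", duplicate_count(time_nonces(CLOCK_COARSE)))
    print("counter-based            :", duplicate_count(counter_nonces(len(CLOCK_WITH_REWIND))))
    print("monotonic time, rewind   :", duplicate_count(monotonic_time_nonces(CLOCK_WITH_REWIND)))
    print("monotonic time, coarse   :", duplicate_count(monotonic_time_nonces(CLOCK_COARSE)))
```

Running the block shows two repeated nonces from the rewind sequence and one from the coarse-clock sequence for the naive scheme, and none for the counter. The point worth keeping in mind is that the monotonic variant is really a counter in disguise: as soon as you have to carry the last issued value to stay safe, you already have all the state a plain counter needs, and the timestamp adds nothing but a way to get it wrong.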