Reusing a Nonce, Key Pair in Encryption

From Guidance Share


Description

Nonces should be used only once.

Applies To

  • Languages: Any
  • Operating platforms: Any


Example

The following code shows a hardcoded nonce being used:

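#include <stdlib.h>
#include <string.h>
#include <openssl/sha.h>

int main(void) {
    const char *nonce = "bad";        /* hardcoded nonce: same value on every run */
    const char *password = "secret";
    size_t nonce_len = strlen(nonce);
    size_t pass_len = strlen(password);
    size_t para_size = nonce_len + pass_len;
    unsigned char *paragraph = malloc(para_size);
    unsigned char *data = malloc(SHA_DIGEST_LENGTH);   /* 20 bytes */
    if (paragraph == NULL || data == NULL) {
        free(paragraph);
        free(data);
        return 1;
    }
    /* paragraph = nonce || password; the length is passed explicitly to SHA1 */
    memcpy(paragraph, nonce, nonce_len);
    memcpy(paragraph + nonce_len, password, pass_len);
    SHA1(paragraph, para_size, data);
    /* Do something with data */
    free(paragraph);
    free(data);
    return 0;
}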

The nonce should vary across sessions.


Impact

  • Authentication: If nonces are allowed to be reused, an attacker could craft a replay attack by sending the same data twice. This could allow a user to send a message which masquerades as a valid message from a valid user.


Vulnerabilities

Countermeasures

  • Implementation: Refuse to reuse nonce values. Use techniques such as incrementing, time-based and/or challenge-response nonces to ensure uniqueness.
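
The following receiver-side check combines the incrementing and time-based techniques named above. It is an added example, not code from the original page. The nonce layout (timestamp plus counter), the 30-second window and all names are assumptions, and the nonce is assumed to be covered by the message's authentication.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SKEW_SECONDS 30 /* assumed acceptance window */

/* Assumed nonce layout: sender clock plus a per-sender message counter. */
struct nonce { uint64_t timestamp; uint64_t counter; };

/* Receiver state, kept per sender (per key). */
struct nonce_state { bool seen_any; uint64_t last_counter; };

enum nonce_result { NONCE_OK, NONCE_STALE, NONCE_REUSED };

/* Accept a nonce only if it is inside the time window and its counter is
 * strictly greater than the last accepted one. State changes only on accept,
 * so a rejected message cannot advance the counter. */
enum nonce_result nonce_check(struct nonce_state *st, struct nonce n, uint64_t now)
{
    uint64_t age = now > n.timestamp ? now - n.timestamp : n.timestamp - now;
    if (age > MAX_SKEW_SECONDS)
        return NONCE_STALE;   /* time-based check: too old or too far ahead */
    if (st->seen_any && n.counter <= st->last_counter)
        return NONCE_REUSED;  /* incrementing check: replay or reordering */
    st->seen_any = true;
    st->last_counter = n.counter;
    return NONCE_OK;
}

int main(void)
{
    struct nonce_state st = { false, 0 };
    struct nonce first = { 1000, 1 };  /* constructed sample values */
    printf("first:  %d\n", nonce_check(&st, first, 1005));
    printf("replay: %d\n", nonce_check(&st, first, 1006));
    return 0;
}
```

The time window bounds how long a captured message stays replayable if the receiver loses its counter state, for example after a restart.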


Vulnerability Patterns


How Tos
