Randomizing Cryptography 6.1 Flashcards
Cryptographic Nonce
Means, “for the nonce”, or, for the time being. It’s only used once. It’s a random, or pseudo-random number. Something that can’t be reasonably guessed. Used during login process. Server gives nonce, calculate your password hash using the nonce. Each password has sent to the host will be different, so replay attacks can not work.
Initialization Vectors
It’s a type of nonce that is used for randomizing an encryption scheme. The more random the better. It’s used in encryption cyphers, WEP, and older SSL implementations.
Salt
This is a nonce that is most commonly associated with password randomization. It makes the password hash unpredictable. Password storage should always be salted. Each user gets a different salt. If the password database is breached, you can’t correlate any passwords. Even users with the same password have different hashes stored.