1

I have an API client to make a PHP call. But as a matter of fact, the documentation given with the API is very limited, so I don't really know how to use it. This is a part of the API code:

$name = readline("Name: ");
$id = readline("ID: ");

$data = $name.$id;

$test = new PoW(sha1($name.$id));

echo "Original data: " . $data . "\n";
echo "data: " . $test->data . "\n";
echo "nonce: " . $test->nonce . "\n";
echo "hash: " . $test->hash . "\n";

$result = file_get_contents("https://test.com/api/search.php?mode=pow&hash={$test->data}&nonce={$test->nonce}");

echo "\n" . $result . "\n";

I don't know what a nonce is or how it works.

Michael

2 Answers

2

The NIST glossary defines a nonce as follows:

"A time-varying value that has at most a negligible chance of repeating, for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these."

Source: https://csrc.nist.gov/glossary/term/nonce

See also:

Nonce values are typically used in security-related use cases to help defend against replay attacks.


It is not obvious (to me) how the nonce should be generated and used for your particular use-case. However, for it to be effective, it needs to be part of the message that is being hashed.

Stephen C
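
An added example, not code from the question, the answers, or the API being discussed: a generic hashcash-style proof of work showing what the nonce does when it is part of the hashed message. The `PoW` class is not shown on the page, so the difficulty rule (leading zero hex digits), the `data . nonce` concatenation, and the function names are assumptions.

```php
<?php
// Added illustration of a hashcash-style proof of work.
// Assumptions (the question's PoW class is not shown): the target is a number
// of leading zero hex digits, and the hashed message is data followed by nonce.

const DIFFICULTY = 4; // assumed difficulty: leading zero hex digits required

// Verifier side: a single hash over data + nonce, cheap to compute.
function pow_is_valid(string $data, int $nonce, int $difficulty = DIFFICULTY): bool
{
    $hash = sha1($data . $nonce);
    return strncmp($hash, str_repeat('0', $difficulty), $difficulty) === 0;
}

// Client side: try successive nonces until the hash meets the target.
// This is the expensive part; expected work is about 16^difficulty hashes.
function pow_solve(string $data, int $difficulty = DIFFICULTY): array
{
    for ($nonce = 0; ; $nonce++) {
        if (pow_is_valid($data, $nonce, $difficulty)) {
            return ['data' => $data, 'nonce' => $nonce, 'hash' => sha1($data . $nonce)];
        }
    }
}

// Constructed sample input, standing in for sha1($name . $id) in the question.
$data = sha1('Alice' . '1234');
$solution = pow_solve($data);

printf("data:  %s\nnonce: %d\nhash:  %s\n",
    $solution['data'], $solution['nonce'], $solution['hash']);

// Query string in the shape the question's client sends (built only, not requested).
echo http_build_query(['mode' => 'pow', 'hash' => $data, 'nonce' => $solution['nonce']]), "\n";

// The verifier recomputes the hash from data and nonce instead of trusting
// a hash supplied by the client.
var_dump(pow_is_valid($data, $solution['nonce']));

// Because the nonce is part of the hashed message, a nonce found for one
// input is, except by a 1-in-16^DIFFICULTY coincidence, useless for another.
var_dump(pow_is_valid(sha1('Bob' . '5678'), $solution['nonce']));
```
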
1

Nonce stands for Number Once; it's an arbitrary number, but is usually a random / pseudo-random value. So you must pass a number rather than a string.

James McNee