Nonce (Number Used Once)

A nonce is a unique, single-use number or string used in cryptography to prevent replay attacks and ensure the freshness of communications.

A nonce, short for "number used once," is a cryptographic primitive consisting of an arbitrary number or string generated for a single, specific use. Its primary purpose is to prevent replay attacks, where an attacker intercepts and retransmits valid data — such as session tokens, authentication credentials, or API requests — to gain unauthorized access or disrupt services. Nonces are typically produced by cryptographically secure pseudo-random number generators, ensuring they are both unpredictable and unique across different sessions or transactions.

Nonces are integral to a wide range of security protocols, including challenge-response authentication, digital signature schemes, and secure API communications. By embedding a unique nonce in each request or data exchange, systems can verify the freshness and legitimacy of every interaction, so that captured messages cannot be replayed by an adversary; this only holds when the receiver tracks which nonces it has already accepted (or issued the nonce itself as a challenge) and rejects any repeat. This makes nonces a critical security control for maintaining the integrity, authenticity, and non-replayability of communications across web applications and distributed systems.
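The following is an added example, not part of the original page, showing the server side of the challenge-response pattern described above: the server issues a random nonce, the client binds it into an HMAC over the request, and the server accepts each nonce exactly once, so a captured request fails when retransmitted. The `NonceStore`, `sign_request` and `verify_request` names, the shared key and the request body are all constructed for this illustration.

```python
import hashlib
import hmac
import secrets
import time


class NonceStore:
    """Server-side record of issued nonces; each one may be consumed once.

    Hypothetical helper for this example. In a multi-node deployment the
    dictionary would be replaced by a shared store (e.g. a database or cache)
    so that a nonce cannot be replayed against a different node.
    """

    def __init__(self, ttl_seconds=60, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock          # injectable so tests can simulate expiry
        self._issued = {}            # nonce -> expiry time

    def issue(self):
        # Cryptographically secure, 128 bits of randomness: unpredictable and
        # practically impossible to collide with an earlier nonce.
        nonce = secrets.token_urlsafe(16)
        self._issued[nonce] = self._clock() + self._ttl
        return nonce

    def consume(self, nonce):
        """Return True the first time a live nonce is presented, False after."""
        self._purge()
        # pop() removes the nonce, so a second presentation returns None.
        return self._issued.pop(nonce, None) is not None

    def _purge(self):
        # Bounded lifetime keeps the store small and limits how long a
        # captured-but-unused nonce stays valid.
        now = self._clock()
        for nonce in [n for n, exp in self._issued.items() if exp <= now]:
            del self._issued[nonce]


def sign_request(key, nonce, body):
    """Client side: bind the nonce and body together under the shared key."""
    mac = hmac.new(key, nonce.encode() + b"\n" + body, hashlib.sha256).hexdigest()
    return {"nonce": nonce, "body": body, "mac": mac}


def verify_request(key, store, request):
    """Server side: check the MAC first, then spend the nonce.

    Checking the MAC before consuming the nonce means a forged request with a
    guessed nonce cannot 'burn' a nonce the legitimate client still needs.
    """
    expected = hmac.new(
        key, request["nonce"].encode() + b"\n" + request["body"], hashlib.sha256
    ).hexdigest()
    if not hmac.compare_digest(expected, request["mac"]):   # constant-time compare
        return "bad-signature"
    if not store.consume(request["nonce"]):
        return "replayed-or-expired"
    return "ok"


def demo():
    """Legitimate request succeeds; an exact replay of it is rejected."""
    key = b"constructed-shared-secret"                 # constructed sample key
    store = NonceStore(ttl_seconds=60)
    nonce = store.issue()                              # server -> client challenge
    request = sign_request(key, nonce, b'{"action":"transfer","amount":10}')
    first = verify_request(key, store, request)        # "ok"
    replay = verify_request(key, store, request)       # "replayed-or-expired"
    return first, replay


if __name__ == "__main__":
    print(demo())
```

The nonce is bound into the MAC rather than sent alongside the request unsigned; otherwise an attacker who captured a signed body could simply attach a fresh nonce to it. The expiry window is a second, independent limit on how long a captured request remains useful if the server's nonce record is ever lost.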