In the field of cryptography, its important that things that are supposed to be secret stay secret.

One issue that is faced is precomputation.

Unfortunately, theres no real way to prevent this scenario completely.

How to Unlock iPhone Without Password or Computer

It is possible to make it a lot harder, though.

Its already tough to guess the exact contents of a message and the encryption key used to encrypt it.

But even this risk of the ability to guess things is too high.

Contents

IV

The IV is another value fed into the encryption and decryption algorithm.

Funnily enough, the IV doesnt even need to be secret.

What it does need to be is unique.

To that end, you cant just pick one IV and stick with it; you must change it.

Furthermore, using a different IV each time makes cryptanalysis of the resulting ciphertexts harder.

To have a reliably unique value, you want to use a nonce, specifically a cryptographic nonce.

Typically, this is achieved by incorporating some form of time stamp within the value.

In general, to avoid any confusion, it is best to use the term cryptographic nonce specifically.

Lets say that this request tells the server to spend time generating a report.

The attacker can multiply the amount of work needed by repeating the request multiple times.

Often the attacker can also slightly modify the request in an automated fashion too.

In this scenario, the token needs to be unique and shouldnt be reused.

Thus, a cryptographic nonce fits the bill.

Conclusion

A cryptographic nonce is a cryptographically secure random number that should only be used once.

Doing so renders precomputation attacks impossible while not requiring the cryptographic nonce itself to remain secret.

Its primary use is as the initialization vector in encryption schemes.

The term is often claimed to mean number used ONCE; however, this is a false etymology.

The word comes from Middle English to mean something used once or temporarily.

Nevertheless, the number used once concept helps explain what a cryptographic nonce is intended for.

To help with this aim, it often includes some form of a timestamp.