nonce

I am not sure if I got it right: a counter of messages can be used as/instead of the nonce? I mean a message like this: Header(2bytes) | counter(8bytes) | Body(n bytes encrypted) | HMAC-SHA1 with counter = 1 (63 of the bits=0) is ok? I understand that I should never use the same key with the same nonce twice. What do I do when a new connection is started and counter starts from 1 again? Artjom B. I understand that I should never use the same key with the same nonce twice. What do I do when a new connection is started and counter starts from 1 again? If you re-use a nonce with the same key,

import javax.crypto.Cipher; public abstract class Crypto { private static final String CIPHER_ALGORITHM = "AES/CTR/NoPadding"; private String AesKeyString = "ByWelFHCgFqivFZrWs89LQ=="; private void setKey() throws NoSuchAlgorithmException{ byte[] keyBytes; keyBytes = Base64.getDecoder().decode(AesKeyString); aesKey = new SecretKeySpec(keyBytes, "AES"); } protected byte[] execute(int mode, byte[] target, byte[] iv) throws Exception{ Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM); IvParameterSpec ivSpec = new IvParameterSpec(iv); cipher.init(mode, aesKey, ivSpec); return cipher.doFinal

Smart Wordpress people say that plugin developers should employ a nonce in each AJAX request that is sent from a page back to the wordpress blog (admin-ajax.php). This is done by (1) generating a nonce on the server side, via $nonce = wp_create_nonce ('my-nonce'); ...(2) making that nonce available to Javascript code that sends AJAX requests. For example you could do it like this: function myplg_emit_scriptblock() { $nonce = wp_create_nonce('myplg-nonce'); echo "<script type='text/javascript'>\n" . " var WpPlgSettings = {\n" . " ajaxurl : '" . admin_url( 'admin-ajax.php' ) . "',\n" . " nonce :

YES, I've read all the docs @ developer.android.com and I do understand it all with one basic exception - what it was introduced for. Since all order responses from Google Play come signed by inaccessible-by-anyone private key and are being verified by paired public key (in my case on external server, so it is also inaccessible for third person) there's simply (almost) no way to spoof. All those nonces are just redundant way of securing the purchases. And what's more, the docs say nothing about the situation, when: I purchase an item; Generate nonce and send it to Google Play; Have a crash, so

I am writing an app where users can communicate between devices with end to end encryption. For this I use the libsodium encryption library. The asymmetric encryption function, crypto_box(...) requires a nonce as one of the arguments. I am a bit confused about how to handle nonces. Does every message to one person need to be encrypted using different nonces? This does not seem right since I would have to store the used nonces on a server with public access where an attacker could just use one of the used nonces again. Is it enough that all messages sent from A to B have different nonces or can