Reusing a Nonce, Key Pair in Encryption
Weakness ID: 323 (Weakness Base)
Status: Incomplete
+ Description

Description Summary

Nonces should be used for the present occasion and only once.
+ Time of Introduction
  • Architecture and Design
+ Applicable Platforms

Languages

All

+ Common Consequences
Scope: Authentication

Effect: If nonces may be reused, a replay attack becomes possible: an attacker resends previously captured data, and the receiver accepts it as a fresh, valid message from a legitimate user.

+ Likelihood of Exploit

High

+ Demonstrative Examples

Example 1

Example Language: C
#include <openssl/sha.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

int main(){
    char *paragraph = NULL;
    unsigned char *data = NULL;
    /* The nonce is a hard-coded constant, so the same value is reused on every run */
    const char *nonce = "bad";
    const char *password = "secret";
    size_t parsize = strlen(nonce) + strlen(password);
    paragraph = (char*)malloc(parsize + 1);          /* +1 for the terminating NUL */
    data = (unsigned char*)malloc(SHA_DIGEST_LENGTH); /* 20 bytes for SHA-1 */
    if (paragraph == NULL || data == NULL) return 1;
    strcpy(paragraph, nonce);
    strcat(paragraph, password);                      /* paragraph = nonce || password */
    SHA1((const unsigned char*)paragraph, parsize, data);
    /* Do something with data (before it is freed) */
    free(paragraph);
    free(data);
    return 0;
}
Example Language: Java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

String command = "some command to execute";
MessageDigest nonceDigest = MessageDigest.getInstance("SHA");
// The nonce is derived from a fixed string, so the same value is reused on every run
nonceDigest.update("bad nonce".getBytes(StandardCharsets.UTF_8));
byte[] nonce = nonceDigest.digest();
MessageDigest password = MessageDigest.getInstance("SHA");
password.update(nonce);                                         // digest = SHA(nonce || password)
password.update("secretPassword".getBytes(StandardCharsets.UTF_8));
byte[] digest = password.digest();
//do something with digest//
+ Potential Mitigations

Phase: Requirements specification

The choice could be made to use a language that is not susceptible to these issues.

Phase: Implementation

Refuse to reuse nonce values.

Phase: Implementation

Enforce nonce uniqueness with techniques such as requiring incrementing values, time-based values, and/or challenge-response exchanges.
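As an added example, not part of the CWE entry or of CLASP's material, the following C program shows a receiver-side replay guard for two of the uniqueness strategies listed above: incrementing nonces, checked with a sliding window, and random nonces bound to a timestamp. It rejects exactly the replay described under Common Consequences, where a previously accepted message is sent again. All type and function names, the window and cache sizes, and the two message sequences are hypothetical constructions for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical receiver-side replay guard (added example, not CWE/CLASP code). */
#define WINDOW      64   /* anti-replay window width, in sequence numbers */
#define NONCE_LEN   16
#define CACHE_SLOTS 32
#define MAX_AGE     300  /* seconds a timestamped nonce remains acceptable */

typedef struct { uint8_t nonce[NONCE_LEN]; uint64_t ts; bool used; } nonce_slot;

typedef struct {
    uint64_t last_seq;            /* highest sequence number accepted so far */
    uint64_t bitmap;              /* bit i set: last_seq - i was already accepted */
    nonce_slot seen[CACHE_SLOTS]; /* recently accepted random nonces */
} replay_guard;

static void guard_init(replay_guard *g) { memset(g, 0, sizeof *g); }

/* Strategy 1: incrementing nonces. A sliding window tolerates modest
 * reordering, but every sequence number is accepted at most once and
 * anything older than the window is refused. */
static bool accept_counter(replay_guard *g, uint64_t seq) {
    if (seq > g->last_seq) {                       /* newer than anything seen */
        uint64_t shift = seq - g->last_seq;
        g->bitmap = (shift >= WINDOW) ? 1 : ((g->bitmap << shift) | 1);
        g->last_seq = seq;
        return true;
    }
    uint64_t back = g->last_seq - seq;
    if (back >= WINDOW) return false;              /* too old to track: refuse */
    if (g->bitmap & (1ULL << back)) return false;  /* already accepted: replay */
    g->bitmap |= 1ULL << back;
    return true;
}

/* Strategy 2: random nonce plus timestamp. A nonce is accepted once, and only
 * while its timestamp is within MAX_AGE of the receiver's clock; expired
 * entries are evicted, which bounds the cache. A full cache fails closed.
 * Assumes `now` never moves backwards. */
static bool accept_timed_nonce(replay_guard *g, const uint8_t nonce[NONCE_LEN],
                               uint64_t ts, uint64_t now) {
    if (ts > now || now - ts > MAX_AGE) return false;   /* future or stale */
    nonce_slot *free_slot = NULL;
    for (size_t i = 0; i < CACHE_SLOTS; i++) {
        nonce_slot *s = &g->seen[i];
        if (s->used && now - s->ts > MAX_AGE) s->used = false;          /* evict */
        if (s->used && memcmp(s->nonce, nonce, NONCE_LEN) == 0) return false; /* replay */
        if (!s->used && free_slot == NULL) free_slot = s;
    }
    if (free_slot == NULL) return false;
    memcpy(free_slot->nonce, nonce, NONCE_LEN);
    free_slot->ts = ts;
    free_slot->used = true;
    return true;
}

/* Constructed exchange for the counter strategy; one letter per message:
 * 'A' accepted, 'R' rejected. Includes duplicates, reordering and a stale value. */
static const char *counter_trace(void) {
    static char out[16];
    static const uint64_t seqs[] = {1, 2, 2, 5, 3, 3, 1, 200, 150, 100};
    size_t n = sizeof seqs / sizeof seqs[0];
    replay_guard g;
    guard_init(&g);
    for (size_t i = 0; i < n; i++) out[i] = accept_counter(&g, seqs[i]) ? 'A' : 'R';
    out[n] = '\0';
    return out;
}

/* Constructed exchange for the timestamped-nonce strategy (nonce bytes and
 * clock values are made up): fresh, fresh, immediate replay, stale replay. */
static const char *nonce_trace(void) {
    static char out[8];
    static const uint8_t n1[NONCE_LEN] = {0xd3,0x1a,0x7f,0x02,0x99,0x4c,0x61,0x08,
                                          0xbe,0x55,0x0e,0x27,0x73,0xa4,0xc8,0x10};
    static const uint8_t n2[NONCE_LEN] = {0x4e,0x86,0x2b,0xf1,0x0d,0x9a,0x37,0xe5,
                                          0x6c,0x13,0xa9,0x70,0x5b,0xc2,0x8f,0x24};
    const uint64_t t0 = 1000000;
    replay_guard g;
    guard_init(&g);
    out[0] = accept_timed_nonce(&g, n1, t0, t0) ? 'A' : 'R';
    out[1] = accept_timed_nonce(&g, n2, t0 + 1, t0 + 1) ? 'A' : 'R';
    out[2] = accept_timed_nonce(&g, n1, t0, t0 + 2) ? 'A' : 'R';              /* same nonce again */
    out[3] = accept_timed_nonce(&g, n2, t0 + 1, t0 + MAX_AGE + 5) ? 'A' : 'R'; /* too old */
    out[4] = '\0';
    return out;
}

int main(void) {
    printf("counter strategy    : %s\n", counter_trace());
    printf("timestamped nonces  : %s\n", nonce_trace());
    return 0;
}
```

The counter check is the shape used by anti-replay windows in transport protocols: the bitmap remembers which of the last 64 sequence numbers were accepted, so a resent message is refused even if it arrives out of order. The timestamped variant is what a stateless-looking API typically needs for random nonces: the timestamp bounds how long a nonce must be remembered, and the cache refuses rather than accepts when it cannot record a new value.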

+ Background Details

Nonces are often bundled with a key in a communication exchange to produce a new session key for each exchange.

+ Relationships
Nature   Type           ID   Name                                                    View(s) this relationship pertains to
ChildOf  Category       320  Key Management Errors                                   Development Concepts (primary) (699)
ChildOf  Weakness Base  344  Use of Invariant Value in Dynamically Changing Context  Research Concepts (primary) (1000)
+ Taxonomy Mappings
Mapped Taxonomy Name  Node ID  Fit  Mapped Node Name
CLASP                                Reusing a nonce, key pair in encryption
+ Content History
Submissions
Submission Date  Submitter  Organization  Source
                            CLASP         Externally Mined
Modifications
Modification Date  Modifier          Organization  Source
2008-07-01         Eric Dalci        Cigital       External
                   updated Time of Introduction
2008-09-08         CWE Content Team  MITRE         Internal
                   updated Background Details, Common Consequences, Relationships, Taxonomy Mappings