Home/ Questions/Q 6096073
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T12:53:03+00:00

HTTP request may be received in quick succession, for avoiding re-running the while protocol

  • 0

HTTP request may be received in quick succession, for avoiding re-running the while protocol for each request, the server nonce may be re-used (timestamp for nonce to determine the window in which client request are valid) by the client for multiple requests.

What are pros and cons using this method?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The pros of re-using a nonce are that it does take less resources for maintaining and checking valid nonces and can avoid authentication failures for pipelined requests:

    […] the method
    chosen for generating and checking the nonce also has performance and
    resource implications. For example, a server may choose to allow
    each nonce value to be used only once by maintaining a record of
    whether or not each recently issued nonce has been returned and
    sending a next-nonce directive in the Authentication-Info header
    field of every response. This protects against even an immediate
    replay attack, but has a high cost checking nonce values, and perhaps
    more important will cause authentication failures for any pipelined
    requests (presumably returning a stale nonce indication).

    However, the cons are that replay attacks are more probable than with one-time nonces:

    For applications where no possibility of replay attack can be
    tolerated the server can use one-time nonce values which will not be
    honored for a second use. This requires the overhead of the server
    remembering which nonce values have been used until the nonce time-
    stamp (and hence the digest built with it) has expired, but it
    effectively protects against replay attacks.

    • 0