Nonces should be used for the present occasion and only once.
Time of Introduction
Architecture and Design
Technical Impact: Bypass protection
mechanism; Gain privileges / assume
Potentially a replay attack, in which an attacker could send the same
data twice, could be crafted if nonces are allowed to be reused. This
could allow a user to send a message which masquerades as a valid
message from a valid user.
Likelihood of Exploit
This code takes a password, concatenates it with a nonce, then
encrypts it before sending over a network:
Because the nonce used is always the same, an attacker can impersonate
a trusted party by intercepting and resending the encrypted password.
This attack avoids the need to learn the unencrypted password.
This code sends a command to a remote server, using an encrypted
password and nonce to prove the command is from a trusted
String command = new String("some command to execute");