Talk:Replay attack

Computer Security: Computing High‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

High

This article has been rated as High-importance on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Cryptography: Computer science Top‑importance

	This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles
Top	This article has been rated as Top-importance on the importance scale.
	This article is supported by WikiProject Computer science (assessed as Mid-importance).

Delay attacks[edit]

There are many protocols where Mallory can do great damage if he can simply delay a message. If Mallory can for example delay the message 'open the door' until Alice has gone away, he can gain unauthorized access. I've included this delay attack in our definition of replay attacks, because defending against it implies defending against other replay attacks and the analysis is quite similar. -- Nroets 28 June 2005 08:52 (UTC)

Session Token vs. Nonce[edit]

The article does not really make clear the difference between a session token and a nonce, although it claims that they are handled differently. Actually, the authentication procedure described for session tokens is almost the same that is shown in the picture in the nonce article, the pic just adds a client nonce.

So why would a nonce need to be protected by a MAC, but not a token?

(In my mind, a session token is just a special application of the more general concept of a nonce.) —Preceding unsigned comment added by 84.177.187.77 (talk) 00:49, 14 January 2010 (UTC)[reply]

It appears that the article was written on the basis that a nonce can be guessed by an attacker beforehand. If the attacker can pose as Bob and get Alice to use a nonce that he guessed, he can use the reply from Alice in a later exchange with Bob.

A session token should contain sufficient randomness as to prevent this attack. -- Nic Roets (talk) 19:19, 4 January 2014 (UTC)[reply]

Unclear 'General countermeasure for all replay attacks'[edit]

This section (and possibly others) needs to be rewritten, as it is not understandable as is. For example, it does not become clear what the significance of 'interdependence' is. — Preceding unsigned comment added by 130.233.97.85 (talk • contribs) 03:29, 31 July 2019 (UTC)[reply]

This is an Eve?[edit]

The attac is active, therefore it's a Mallory. Polluks ★ 13:33, 13 March 2023 (UTC)[reply]