
What is nonce in the API client

I have an API client to make a PHP call. But as a matter of fact the documentation given with the API is very limited, so I don’t really know how to use it. This is a part of the API code:

// Read the two input values from the terminal
$name = readline("Name: ");
$id = readline("ID: ");

$data = $name.$id;

// PoW is provided by the API client (its definition is not shown here)
$test = new PoW(sha1($name.$id));

echo "Original data: " . $data . "\n";
echo "data: " . $test->data . "\n";
echo "nonce: " . $test->nonce . "\n";
echo "hash: " . $test->hash . "\n";

// Send the hashed data and the nonce to the API
$result = file_get_contents("https://test.com/api/search.php?mode=pow&hash={$test->data}&nonce={$test->nonce}");

echo "\n" . $result . "\n";

I don’t know what a nonce is or how it works.


Answer

The NIST glossary defines a nonce as follows:

“A time-varying value that has at most a negligible chance of repeating, for example, a random value that is generated anew for each use, a timestamp, a sequence number, or some combination of these.”

Source: https://csrc.nist.gov/glossary/term/nonce

See also:

Nonce values are typically used in security-related use-cases to help defend against replay attacks.


It is not obvious (to me) how the nonce should be generated and used for your particular use-case. However, for it to be effective, it needs to be part of the message that is being hashed.

User contributions licensed under: CC BY-SA
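
One way a proof-of-work nonce like the one in the question can work, shown as an added example that is not part of the original question or answer and is not the API's own code. It assumes a hashcash-style scheme (SHA-1 over the data with the nonce appended, difficulty counted in leading zero hex digits); the `solve` and `verify` functions, the `DIFFICULTY` constant and the sample input are hypothetical, and the real `PoW` class may differ.

```php
<?php
// Added example: hashcash-style proof of work. The scheme (SHA-1 over
// data . nonce, difficulty = leading zero hex digits) is an assumption;
// the PoW class used in the question is not shown and may differ.

const DIFFICULTY = 4; // assumed: required number of leading zero hex digits

// Client side: try counters until the hash of data + nonce meets the target.
function solve(string $data, int $difficulty = DIFFICULTY): array
{
    $target = str_repeat('0', $difficulty);
    for ($nonce = 0; ; $nonce++) {
        $hash = sha1($data . $nonce);
        if (strncmp($hash, $target, $difficulty) === 0) {
            return ['data' => $data, 'nonce' => $nonce, 'hash' => $hash];
        }
    }
}

// Server side: a single hash verifies the work, and a seen-set rejects a
// (data, nonce) pair that was already accepted. The in-memory array stands
// in for whatever persistent store a real server would use.
function verify(string $data, string $nonce, array &$seen, int $difficulty = DIFFICULTY): bool
{
    if (!ctype_digit($nonce)) {
        return false; // only a plain decimal counter is accepted
    }
    $hash = sha1($data . $nonce); // the nonce is part of the hashed message
    if (strncmp($hash, str_repeat('0', $difficulty), $difficulty) !== 0) {
        return false; // the hash does not meet the difficulty target
    }
    $key = $data . ':' . $nonce;
    if (isset($seen[$key])) {
        return false; // same pair submitted again: replay
    }
    $seen[$key] = true;
    return true;
}

$data = sha1('Alice' . '1001'); // constructed sample input
$pow  = solve($data);
$seen = [];
var_dump(verify($pow['data'], (string) $pow['nonce'], $seen)); // first submission
var_dump(verify($pow['data'], (string) $pow['nonce'], $seen)); // replayed submission
```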