Nonce

By Deane Barker

In linguistics, a fake word invented to fill a specific, immediate language need. One envisions a child making up a word to refer to something her or she doesn’t know the actual name of.

“for the none” is Middle English for “for this one time.”

The term is also used in programming to refer to a temporary, relatively unique value that would be hard to guess and signifies something.

In very general terms, “nonce” means something random and intentionally temporary.

Why I Looked It Up

I encountered the word in programming.

In the software WordPress, “nonce” appears several times in the code:

A nonce is a “number used once” to help protect URLs and forms from certain types of misuse, malicious or otherwise. WordPress nonces aren’t numbers but are a hash made up of numbers and letters. Nor are they used only once, but have a limited “lifetime” after which they expire. During that time period, the same nonce will be generated for a given user in a given context. The nonce for that action will remain the same for that user until that nonce life cycle has completed.

(The “number used once” definition here is non-standard, though it fits the word nicely.)

WordPress creates random combinations of digits and letters to form a unique value that can be used to persist a reference to the same thing. The software adds them to URLs, like this:

http://example.com/wp-admin/post.php?post=123&action=trash&_wpnonce=b192fc4204

The _wpnonce value is checked when the request comes in to ensure it’s the same as the stored value.

Postscript

I’ve been recently doing quite a bit of reading about blockchain, and “nonce” is a concept used in that technology. A blockchain miner adds a nonce value to a set of transactions to try and complete the proof-of-work. In this case, it’s just a random value.

This is item #583 in a sequence of 961 items.

You can use your left/right arrow keys to navigate