A replay attack, also known as a refresh attack, is one in which an attacker re-sends a packet that the destination host has already received in order to deceive the system. It is mainly used against the identity authentication process and undermines the correctness of authentication.
From this definition it follows that the data a replay attack submits to the server was once valid. To reject such data, give each piece of information its own random number, which is stored on the server. The random number is verified before the user information is verified. If the submitted random number differs from the random number stored on the server, the information is invalid. This is how replay attacks are prevented.
Common defenses against replay attacks do not expose the random number directly. Instead, the random number is generally used as an input to MD5 or another hash (a digital signature). For example, when the valid values are hashed with MD5, the random number is added to them. With a user name of test and a password of test, the computation may be MD5("test", "test", random number), so the random value is not exposed in direct transmission. When a hacker submits a replayed message, the system finds that its MD5 signature differs from the signature the system computes.
Of course, every shield has its spear: it is possible that the same random value happens to be issued to a user again, in which case the replay attack may succeed. In practice this probability can be treated as 0, and it decreases as the number of possible random numbers increases.
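The scheme described above, as an added example that is not code from the original page: the server stores one random number per login attempt, the client sends only a digest that mixes it in, and the number is consumed on first use. It uses HMAC-SHA-256 where the page writes MD5; `AuthServer`, `sign` and `USERS` are hypothetical names, and the credential store is constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store: user name -> shared secret.
USERS = {"test": b"test"}

def sign(username: str, secret: bytes, nonce: bytes) -> str:
    """Digest binding the credentials to one nonce (HMAC-SHA-256 in place of MD5)."""
    # Length-prefix the user name so field boundaries are unambiguous.
    name = username.encode()
    msg = len(name).to_bytes(2, "big") + name + nonce
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self):
        self._pending = {}  # username -> nonce issued and not yet used

    def challenge(self, username: str) -> bytes:
        """Issue a fresh 128-bit random number and store it on the server."""
        nonce = secrets.token_bytes(16)
        self._pending[username] = nonce
        return nonce

    def verify(self, username: str, digest: str) -> bool:
        """Check the digest against the stored nonce; the nonce is single-use."""
        # pop() consumes the nonce even when verification fails, so a
        # captured message can never be checked against it twice.
        nonce = self._pending.pop(username, None)
        secret = USERS.get(username)
        if nonce is None or secret is None:
            return False
        return hmac.compare_digest(sign(username, secret, nonce), digest)

def demo():
    server = AuthServer()
    nonce = server.challenge("test")
    captured = sign("test", b"test", nonce)  # what an eavesdropper would record
    first = server.verify("test", captured)   # legitimate login
    replay = server.verify("test", captured)  # same bytes, nonce already used
    server.challenge("test")                  # next login gets a new nonce
    stale = server.verify("test", captured)   # old digest does not match it
    return first, replay, stale

if __name__ == "__main__":
    print(demo())
```

With a 128-bit random number, the chance that the server reissues the value a captured digest was computed for is 2^-128 per challenge, which is the "can be treated as 0" case from the last paragraph.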