# Re: generating a nonce

"Sebastian Gottschalk" <seppi@xxxxxxxxx> wrote in message
news:4r8gpbFq0ap4U1@xxxxxxxxxxxxxxxxx
Phil Carmody wrote:

"Antony Clements" <antony.clements@xxxxxxxxxxxxxxx> writes:
is this a good way to generate a nonce?

generate a number using VB rng, xor with date and time then run it
through a
secure rng?

What do you mean by "run it through a secure rng"?

Note that VB's PRNG is pretty predictable, and the date is pretty
predictable too.

And XORing them together is only about averaging their entropies.

i'm generating a number between 1 and 3, then a case select generates a
number

case1:
Seed = Int(26 * Rnd + 65)
case 2:
Seed = Int(26 * Rnd + 97)
case 3:
Seed = Int(10 * Rnd + 48)

then generating a random number
number = Rnd(Seed) * 2 ^ 31)

then i take the result of number mod seed and xor date, then take that
result and xor time and then use that number for a seed of a cryptographic
rng that i found some source code for called KCI that was devised by George
Marsaglia and Arif Zaman in 1987.

passkey(0) = PRNG.Rnd(1, number)

the documentation that came with it says that it passes all tests and has a
period of 2^144, is a combination of Fibonacci sequence amd operation with
randomly selected lags ([17,5] [33,13] [39,14] [52,24] [63,31] [73,25]
[97,33] [607,273]) and can produce 900 million different sequences with each
subsequence having a length of approximately 10^30.

so is it still secure? and if so how secure?

.

## Relevant Pages

• Re: new /dev/random
... ]It's supposed to be a *secure* PRNG. ... ]entropy and it still produces output, it's not secure, so it has a bug. ... it is an RNG not a PRNG. ...
(sci.crypt)
• Re: Safe session IDs
... > What is the most secure way of generating a session number? ... It may be secure enough, depending upon the resolution of microtime(), ... and what exactly the session ID is protecting. ... by using a RNG, or at least a better PRNG than rand. ...
(SecProg)
• Minimal crypto OTP by dummie
... After reading a little about encryption and OTPs I wondered if there is a ... did they have in WWI LOL) to make a key book. ... Then combine the key with the message using XOR or another ... So, my question is, would it be secure enough for the pre-computer days? ...
(sci.crypt)
• Re: and now for something completely different.
... cj = Pj xor Kj xor Ci ... which is, as Kristian pointed-out, is an ordinary stream cipher. ... if K_j is a secure key stream, ...
(sci.crypt)
• Re: Ask any human to choice a number between 0 - 0xFFFFFFFF
... (The XOR is in case someone was ... the random.org transmission - not because I don't think the data is ... Sure, a much more secure one is to use /dev/urandom on Linux, or if really ...
(sci.crypt)