Re: generating a nonce
- From: "Antony Clements" <antony.clements@xxxxxxxxxxxxxxx>
- Date: Tue, 7 Nov 2006 09:22:56 +1100
"Sebastian Gottschalk" <seppi@xxxxxxxxx> wrote in message
Phil Carmody wrote:
"Antony Clements" <antony.clements@xxxxxxxxxxxxxxx> writes:
is this a good way to generate a nonce?
generate a number using VB rng, xor with date and time then run it
What do you mean by "run it through a secure rng"?
Note that VB's PRNG is pretty predictable, and the date is pretty
And XORing them together is only about averaging their entropies.
i'm generating a number between 1 and 3, then a case select generates a
Seed = Int(26 * Rnd + 65)
Seed = Int(26 * Rnd + 97)
Seed = Int(10 * Rnd + 48)
then generating a random number
number = Rnd(Seed) * 2 ^ 31)
then i take the result of number mod seed and xor date, then take that
result and xor time and then use that number for a seed of a cryptographic
rng that i found some source code for called KCI that was devised by George
Marsaglia and Arif Zaman in 1987.
passkey(0) = PRNG.Rnd(1, number)
the documentation that came with it says that it passes all tests and has a
period of 2^144, is a combination of Fibonacci sequence amd operation with
randomly selected lags ([17,5] [33,13] [39,14] [52,24] [63,31] [73,25]
[97,33] [607,273]) and can produce 900 million different sequences with each
subsequence having a length of approximately 10^30.
so is it still secure? and if so how secure?