Re: generating a nonce




"Sebastian Gottschalk" <seppi@xxxxxxxxx> wrote in message
news:4r8gpbFq0ap4U1@xxxxxxxxxxxxxxxxx
Phil Carmody wrote:

"Antony Clements" <antony.clements@xxxxxxxxxxxxxxx> writes:
is this a good way to generate a nonce?

generate a number using VB rng, xor with date and time then run it through a secure rng?

What do you mean by "run it through a secure rng"?

Note that VB's PRNG is pretty predictable, and the date is pretty
predictable too.

And XORing them together is only about averaging their entropies.

i'm generating a number between 1 and 3, then a case select generates a number

case 1:
Seed = Int(26 * Rnd + 65)
case 2:
Seed = Int(26 * Rnd + 97)
case 3:
Seed = Int(10 * Rnd + 48)

then generating a random number
number = Rnd(Seed) * 2 ^ 31

then i take the result of number mod seed and xor date, then take that
result and xor time and then use that number for a seed of a cryptographic
rng that i found some source code for called KCI that was devised by George
Marsaglia and Arif Zaman in 1987.

passkey(0) = PRNG.Rnd(1, number)

the documentation that came with it says that it passes all tests and has a
period of 2^144, is a combination of Fibonacci sequence and operation with
randomly selected lags ([17,5] [33,13] [39,14] [52,24] [63,31] [73,25]
[97,33] [607,273]) and can produce 900 million different sequences with each
subsequence having a length of approximately 10^30.

so is it still secure? and if so how secure?
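
Added example, not part of the original post or thread: a Python sketch that counts how many distinct seeds the mixing step described in the message above can produce, next to a nonce drawn from the operating system's CSPRNG. The integer encodings of the date and time are assumptions, since the post does not say how they are converted before the xor.

```python
import math
import secrets

# Seed ranges taken from the three cases in the post:
# Int(26*Rnd+65) -> 65..90, Int(26*Rnd+97) -> 97..122, Int(10*Rnd+48) -> 48..57
SEED_RANGES = (range(65, 91), range(97, 123), range(48, 58))


def residues():
    """Every value (number Mod Seed) can take, whatever Rnd returned."""
    out = set()
    for seed_range in SEED_RANGES:
        for seed in seed_range:
            out.update(range(seed))  # a value mod seed always lies in 0..seed-1
    return out


def candidate_seeds(date_int, time_int):
    """All seeds the mixing step can produce for one date/time pair.

    date_int and time_int are assumed integer encodings (hypothetical).
    XOR with fixed values only relabels the residues; it adds no new ones.
    """
    return {r ^ date_int ^ time_int for r in residues()}


def seed_space_bits(time_values=1):
    """Upper bound, in bits, on the seed uncertainty when the clock is
    known to within time_values possible readings."""
    return math.log2(len(residues()) * time_values)


def os_nonce(nbytes=16):
    """Nonce from the OS CSPRNG; no hand-built seeding involved."""
    return secrets.token_bytes(nbytes)


if __name__ == "__main__":
    # Constructed sample values, not taken from the post.
    seeds = candidate_seeds(date_int=39000, time_int=43200)
    print("distinct seeds for one date/time:", len(seeds))
    print("bits, clock known exactly:       %.2f" % seed_space_bits())
    print("bits, any second of a known day: %.2f" % seed_space_bits(86400))
    print("128-bit OS nonce:", os_nonce().hex())
```

The period of the generator that receives the seed does not change these bounds: its output is fully determined by a seed drawn from this small set.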

