Re: generating a nonce




"Sebastian Gottschalk" <seppi@xxxxxxxxx> wrote in message
news:4r8gpbFq0ap4U1@xxxxxxxxxxxxxxxxx
Phil Carmody wrote:

"Antony Clements" <antony.clements@xxxxxxxxxxxxxxx> writes:
is this a good way to generate a nonce?

generate a number using VB rng, xor with date and time then run it
through a
secure rng?

What do you mean by "run it through a secure rng"?

Note that VB's PRNG is pretty predictable, and the date is pretty
predictable too.

And XORing them together is only about averaging their entropies.

i'm generating a number between 1 and 3, then a case select generates a
number

case1:
Seed = Int(26 * Rnd + 65)
case 2:
Seed = Int(26 * Rnd + 97)
case 3:
Seed = Int(10 * Rnd + 48)

then generating a random number
number = Rnd(Seed) * 2 ^ 31)

then i take the result of number mod seed and xor date, then take that
result and xor time and then use that number for a seed of a cryptographic
rng that i found some source code for called KCI that was devised by George
Marsaglia and Arif Zaman in 1987.

passkey(0) = PRNG.Rnd(1, number)

the documentation that came with it says that it passes all tests and has a
period of 2^144, is a combination of Fibonacci sequence amd operation with
randomly selected lags ([17,5] [33,13] [39,14] [52,24] [63,31] [73,25]
[97,33] [607,273]) and can produce 900 million different sequences with each
subsequence having a length of approximately 10^30.

so is it still secure? and if so how secure?


.