# Re: generating a nonce

*From*: "Antony Clements" <antony.clements@xxxxxxxxxxxxxxx>*Date*: Tue, 7 Nov 2006 09:22:56 +1100

"Sebastian Gottschalk" <seppi@xxxxxxxxx> wrote in message

news:4r8gpbFq0ap4U1@xxxxxxxxxxxxxxxxx

Phil Carmody wrote:

"Antony Clements" <antony.clements@xxxxxxxxxxxxxxx> writes:

is this a good way to generate a nonce?

generate a number using VB rng, xor with date and time then run it

through a

secure rng?

What do you mean by "run it through a secure rng"?

Note that VB's PRNG is pretty predictable, and the date is pretty

predictable too.

And XORing them together is only about averaging their entropies.

i'm generating a number between 1 and 3, then a case select generates a

number

case1:

Seed = Int(26 * Rnd + 65)

case 2:

Seed = Int(26 * Rnd + 97)

case 3:

Seed = Int(10 * Rnd + 48)

then generating a random number

number = Rnd(Seed) * 2 ^ 31)

then i take the result of number mod seed and xor date, then take that

result and xor time and then use that number for a seed of a cryptographic

rng that i found some source code for called KCI that was devised by George

Marsaglia and Arif Zaman in 1987.

passkey(0) = PRNG.Rnd(1, number)

the documentation that came with it says that it passes all tests and has a

period of 2^144, is a combination of Fibonacci sequence amd operation with

randomly selected lags ([17,5] [33,13] [39,14] [52,24] [63,31] [73,25]

[97,33] [607,273]) and can produce 900 million different sequences with each

subsequence having a length of approximately 10^30.

so is it still secure? and if so how secure?

.

**References**:**generating a nonce***From:*Antony Clements

**Re: generating a nonce***From:*Phil Carmody

- Prev by Date:
**Re: Chaum's punchscan** - Next by Date:
**Re: Random delay as a countermeasure to timing attacks** - Previous by thread:
**Re: generating a nonce** - Next by thread:
**Re: generating a nonce** - Index(es):