Re: generating a nonce

On Thu, 9 Nov 2006 15:47:52 +1100, "Antony Clements"
<antony.clements@xxxxxxxxxxxxxxx> wrote:

Personally, I would do this in two passes.

(1) Find out the names of one or more currently recommended CSPRNGs. I
can't make any suggestions myself, because I do not know enough about
it. I have heard of Yarrow, and Fortuna, but I seriously -do not know-
whether those are considered "the sch***", or not. Perhaps the
wikipedia article would be a good start:
http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator

(2) You now have a set of candidate CSPRNGs. Pick one of their names,
and look for the source using google. For example, if the name was
blahblahblah, do the search:

blahblahblah source OR sourcecode OR "source code"

Or maybe someone else will make a suggestion.

i've been looking at yarrow and fortuna, fortuna has a lot of entropy pools,
32 of them if my memory serves correctly, some from software sources others
from hardweare sources, i don't know how many entropy pools yarrow has.
yarrow has the benefit of being from counterpane, i don't know who wrote
fortuna. all the same i'm leaning towards fortuna. no search on google has
in any form has yeilded readily useable fortuna source code, it's all in
C++, which means i would have to translate it. 1) it's too much of an
effort, 2) my C++ isn't good enough to be able to, so any effort made would
be wasted. alternately, i could use CryptGenRandom in the microsofr
cryptoAPI.

Fortuna is described in Practical Cryptography by Ferguson and
Schneier. There is a C# implementation at
http://www.codeproject.com/cpp/FortunaCSI.asp

rossum

.