On Sat, Jun 26, 2021 at 2:38 PM Vasilij Schneidermann <m...@vasilij.de> wrote:
> 2. Cool that you use tweetnacl for encryption, but please don't use
> random numbers for nonces, that's just wrong. Nonces are not supposed to
> be secret, random or unpredictable, but unique numbers that do not
> repeat. Random numbers do repeat eventually.

*Any* numeric sequence will repeat eventually unless it grows without bound, like a TAI timestamp. But actually it's not enough that a nonce be unique; otherwise 1, 2, 3, ... would be a perfectly good sequence of nonces. So you do want a long-period cryptographically strong random sequence like ChaCha20 or Fortuna, or it will be possible to predict the next nonce from the previous nonces.
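The following is an added example, written for this page and not code from either poster or from tweetnacl, that puts numbers on the two positions above: the birthday bound on how soon randomly drawn nonces of a given size repeat, and a counter-based generator that never repeats for the lifetime of a key. It assumes the 24-byte nonce that tweetnacl's secretbox/box (XSalsa20-Poly1305) take, and uses a 12-byte nonce only for comparison; the "random 16-byte session prefix plus 64-bit big-endian counter" layout is the example's own choice, not anything the thread prescribes.

```python
import math
import secrets
import struct

NACL_NONCE_BYTES = 24  # tweetnacl secretbox/box nonce (XSalsa20-Poly1305)
GCM_NONCE_BYTES = 12   # AES-GCM default nonce, for comparison only


def collision_probability(nonce_bytes, messages):
    """Birthday-bound estimate of P(at least one repeated nonce) after
    `messages` nonces drawn uniformly at random from 2**(8*nonce_bytes)
    values: 1 - exp(-k(k-1)/(2N)). expm1 keeps precision when the
    probability is tiny, which is the interesting regime."""
    n = 2 ** (8 * nonce_bytes)
    k = messages
    return -math.expm1(-(k * (k - 1)) / (2 * n))


def messages_for_probability(nonce_bytes, p):
    """Approximate number of random nonces after which the collision
    probability reaches p, from the same bound: k ~ sqrt(2 N ln(1/(1-p)))."""
    n = 2 ** (8 * nonce_bytes)
    return math.isqrt(int(2 * n * -math.log1p(-p)))


def random_nonce(nonce_bytes=NACL_NONCE_BYTES):
    """A nonce drawn from the OS CSPRNG: unique only probabilistically,
    with the odds given by collision_probability()."""
    return secrets.token_bytes(nonce_bytes)


class CounterNonce:
    """Deterministic nonces that cannot repeat within one instance:
    16-byte prefix || 64-bit big-endian counter (24 bytes total).

    The prefix is drawn at random per instance (assumption of this
    example) so that two processes or sessions sharing a key do not
    hand out the same counter values; the counter itself is never
    allowed to wrap, so exhaustion is an error rather than a reuse."""

    PREFIX_BYTES = 16
    COUNTER_MAX = 2 ** 64

    def __init__(self, prefix=None, start=0):
        self.prefix = secrets.token_bytes(self.PREFIX_BYTES) if prefix is None else prefix
        if len(self.prefix) != self.PREFIX_BYTES:
            raise ValueError("prefix must be %d bytes" % self.PREFIX_BYTES)
        if not 0 <= start < self.COUNTER_MAX:
            raise ValueError("start out of range for a 64-bit counter")
        self.counter = start

    def next(self):
        """Return the next 24-byte nonce; raise once the counter is used up."""
        if self.counter >= self.COUNTER_MAX:
            raise OverflowError("nonce counter exhausted; rotate the key")
        nonce = self.prefix + struct.pack(">Q", self.counter)
        self.counter += 1
        return nonce


if __name__ == "__main__":
    for size in (NACL_NONCE_BYTES, GCM_NONCE_BYTES):
        print("%2d-byte nonces: P(repeat) after 2^32 msgs = %.3g, after 2^64 msgs = %.3g;"
              " 50%% after ~2^%.1f msgs"
              % (size,
                 collision_probability(size, 2 ** 32),
                 collision_probability(size, 2 ** 64),
                 math.log2(messages_for_probability(size, 0.5))))
    gen = CounterNonce()
    print("counter nonces:", gen.next().hex(), gen.next().hex())
    print("random nonce:  ", random_nonce().hex())
```

With the 24-byte nonce the bound stays far below 2^-60 even after 2^64 messages, which is why random draws are in practice never observed to repeat there; the same 2^64 draws from a 12-byte nonce space are certain to collide, and the 50% point for 12 bytes sits near 2^48 messages. The counter variant is what "unique numbers that do not repeat" looks like in code, with the exhaustion check being the part people forget.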