On Sat, Jun 26, 2021 at 2:38 PM Vasilij Schneidermann <firstname.lastname@example.org
2. Cool that you use tweetnacl for encryption, but please don't use
random numbers for nonces, that's just wrong. Nonces are not supposed to
be secret, random or unpredictable, but unique numbers that do not
repeat. Random numbers do repeat eventually.
*Any* numeric sequence will repeat eventually unless it grows without bound, like a TAI timestamp. But actually it's not enough that a nonce be unique, otherwise 1, 2, 3, ... would be a perfectly good sequence of nonces. So you do want a long-period cryptographically strong random sequence like ChaCha20 or Fortuna, or it will be possible to predict the next nonce from the previous nonces.