otp_crypto/rand_nonce library

OTP Crypto – Random 8-byte nonce generator

Generates cryptographically secure nonces of exactly 8 bytes. The nonce is carried in the wire header as n (Base64-encoded).

SECURITY NOTES:

  • Uses Random.secure(), which delegates to the platform CSPRNG.
  • The nonce is not a secret, but it must be unpredictable to reduce collision risk within a time window.
  • Upstream layers may track seen nonces (per window) to mitigate replay.

HINTS:

  • Use NonceGenerator.default() for production.
  • In tests, stub with FixedNonceGenerator for deterministic output.
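
The per-window tracking of seen nonces mentioned in the security notes could look like the sketch below. It is an added example, not code from otp_crypto: randomNonce8 and SeenNonceWindow are hypothetical names, and the window index is assumed to be supplied by the caller after it has validated the message's time window.

```dart
import 'dart:convert';
import 'dart:math';
import 'dart:typed_data';

/// Draws 8 bytes from the platform CSPRNG via Random.secure().
Uint8List randomNonce8() {
  final rng = Random.secure();
  return Uint8List.fromList(List<int>.generate(8, (_) => rng.nextInt(256)));
}

/// Hypothetical upstream replay guard: remembers nonces per time window.
class SeenNonceWindow {
  final Map<int, Set<String>> _seen = {};

  /// Returns true when the nonce is new for [window]; false when it is
  /// malformed, not exactly 8 bytes, or already seen in that window.
  bool accept(String nonceB64, int window) {
    try {
      final raw = base64.decode(nonceB64);
      if (raw.length != 8) return false;
      // Keep only the current and previous window to bound memory.
      _seen.removeWhere((w, _) => w < window - 1);
      // Store the canonical re-encoding so that different Base64
      // spellings of the same 8 bytes map to one entry.
      return _seen.putIfAbsent(window, () => <String>{}).add(base64.encode(raw));
    } on FormatException {
      return false; // not valid Base64
    }
  }
}

void main() {
  final guard = SeenNonceWindow();
  const window = 57000000; // constructed window index (assumption)
  final n = base64.encode(randomNonce8()); // value for header field n
  print(guard.accept(n, window)); // first sighting
  print(guard.accept(n, window)); // same nonce again in the same window
  print(guard.accept('AAAA', window)); // decodes to 3 bytes: wrong length
  print(guard.accept(n, window + 1)); // same nonce, later window
}
```

Because entries are keyed per window, the same nonce is accepted again in a different window; this only mitigates replay if the window itself is bound to the message by the layer that authenticates it.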

Classes

FixedNonceGenerator
Deterministic nonce generator for tests. Repeats the provided sequence cyclically if shorter than 8 bytes.
NonceGenerator
Abstract nonce generator interface to enable testing/mocking.