0Pricing
Cryptology Academy · Lesson

Generating Keys, Nonces & IVs Safely

Use secrets, os.urandom, and safe wrappers in Python and Node.

The Three Categories

Three distinct cryptographic values need secure generation: (1) Keys — long-lived, must be unpredictable and secret. (2) IVs — per-message, may be public but must be unpredictable (CBC) or unique (GCM). (3) Nonces — must be unique per use, may or may not be random.

Symmetric Keys

AES-128: secrets.token_bytes(16). AES-256: secrets.token_bytes(32). ChaCha20: secrets.token_bytes(32). Never derive keys from passwords without KDF (PBKDF2/Argon2). Never reuse keys across different algorithms or purposes.

All lessons in this course

  1. True Randomness vs Pseudorandomness
  2. Cryptographically Secure PRNGs
  3. Entropy Starvation & Weak-Key Bugs
  4. Generating Keys, Nonces & IVs Safely
← Back to Cryptology Academy