The security of many cryptographic systems depends upon the generation of unpredictable quantities. Examples include the keystream in the one-time pad (x1.5.4), the secret key in the DES encryption algorithm (x7.4.2), the primes p; q in the RSA encryption (x8.2) and digital signature (x11.3.1) schemes, the private key a in the DSA (x11.5.1), and the challenges used in challenge-response identification systems (x10.3). In all these cases, the quantities generated must be of sufficient size and be