The algorithm I use is very simple -- I combine a variety of pieces of
information (including parts of the current message, the local system
name, the current date/time string, etc.) and feed the resulting very
long string into a digital signature algorithm. Such an algorithm produces
a 128-bit key as its output -- deducing an input string that would produce
the same output is computationally infeasible. Digital signature algorithms
are really very good, and there are a variety of ones to choose from (I
think MD4 is good enough for this, but there is always MD5 if you are
really paranoid). The resulting key is encoded into a printable form that's
roughly 40 characters long.
Now, knowing my algorithm, the system it is going to be run on, and the
precise time (down to 100ms or so), you might possibly be able to produce
a clash intentionally. But on the average (and that's the only case I care
about) the chances of this happening are 1 in 1E38. And if I found out
you were doing this I could always add a pseudo-random sequence as another
chunk of input that would add another 20 or so bits of jitter to the
calculation. If you then want to send a message that contains all the
possible keys that might occur for all the states of my generator mutiplied
by all the possible times I might elect to select the encoding, you of
course can do so. The message will be 2^20*40*100 (assuming you can get
the time quanta down to 100 possibles, which you can't) characters long.
Good luck on doing this.
Of course, I could be full of hot air on this. I have code in place to
tell me if a clash does occur in my code. It hasn't signalled me yet that
this has happened.
Ned