Use cryptographically random bytes to generate nonce

[NicholasEllul]

WHY are these changes introduced?

The current implementation of the nonce generating function is based off of the current date (in seconds), and Math.random. Math.random is not cryptographically secure and as a result, the numbers can be predicted. Switching to using cryptographically random bytes to generate the nonce will allow for a more truly random numbers.

WHAT is this pull request doing?

This PR makes use of node's crypto.randomBytes() function to generate 15 random bytes. I then mod by 10 to extract the last digit from the byte and use that as a digit in the nonce.

Type of change

• Patch: Bug (non-breaking change which fixes an issue)
• Minor: New feature (non-breaking change which adds functionality)
• Major: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist

• I have added a changelog entry, prefixed by the type of change noted above
• I have added/updated tests for this change
• I have documented new APIs/updated the documentation for modified APIs (for public APIs)

[mkevinosullivan]

Thank you Nicholas. I didn't realize Math.random() was so unsafe.

[thecodepixi]

Thank you for this Nicholas! This is a much better approach.