How does this PHP nonce library work?

Question

From http://fullthrottledevelopment.com/php-nonce-library#download, there is a PHP nonce library, but there are a few things that I don\'t know understand. The first one is

Answer 1

Wow, DO NOT USE THIS LIBRARY. I am going to report this as a vulnerability right after this post. A Nonce is a value that is only used once, and this library does provide this. HOWEVER, the author was trying to prevent Cross Site Request Forgeries (XSRF). In order to prevent attackers from forging a message there needs to be a secret value that the attacker can't predict. In order to do this you need a Cryptographically Secure Random Number Generator or CSRPING. The Nonce that this library builds, is extremely predictable and could easily be brute forced using simple javascript.