Represents a nonce manager. Its responsibility is to produce nonce values and verify nonce values from untrusted sources that they are provided by this manager. This is usually required in web environment to mitigate CSRF attacks. Depending on it's underlying implementation it could be stateful or stateless. Note that there is usually some timeout for nonce values to reduce memory usage and to avoid replay attacks. Nonce length is unspecified.