A method and system for distributed generation of unique random numbers. The unique
random number can be used to create digital cookies or digital tokens. A first
network device (e.g., a computer) on a computer network receives an x-bit bit mask
template from a second network device on the computer network (e.g., a gateway).
The first network device generates a first portion of an x-bit digital cookie.
The first network device requests a second portion of the x-bit digital cookie
from the second network device. The request includes the first portion of the x-bit
digital cookie. The first network device generates a complete x-bit digital cookie
using the first portion of the x-bit digital cookie generated by the first network
device and the second portion of the x-bit digital cookie generated by the second
network device. The generated complete x-bit digital cookie is not already in use on the
computer network because the second network device selects the second portion (the
bits that the bit mask template reserves to it) so that the complete x-bit digital
cookie, comprising the first portion generated on the first network device and the
second portion generated on the second network device, is not in use on the computer
network. The method and system can be
used on a Distributed Network Address Translation ("DNAT") or a Realm Specific
Internet Protocol ("RSIP") subnet to allow a network device (e.g., a computer)
to create a complete x-bit digital cookie with help from a DNAT/RSIP gateway. The
complete x-bit digital cookie can be used as a 64-bit anti-clogging cookie for
security protocols such as Internet Key Exchange ("IKE") protocol exchanges used
with Internet Protocol security ("IPsec").
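The exchange described above, simulated in one process as an added example (not the patent's own code): a `Gateway` playing the second network device and a `Device` playing the first. The mask convention is an assumption for illustration: a set bit in the x-bit template marks a position the requesting device fills with its own random bits, a clear bit marks a position the gateway fills, and the gateway sweeps its own positions until the combined 64-bit cookie is absent from its table of cookies in use. The class and function names are hypothetical.

```python
"""Distributed generation of a unique x-bit cookie (added illustration).

Assumed mask convention: template bit set  -> position filled by the device,
                         template bit clear -> position filled by the gateway.
"""
import secrets
from typing import Optional

X_BITS = 64
FULL = (1 << X_BITS) - 1


def deposit(value: int, positions: int) -> int:
    """Scatter the low bits of `value` into the set-bit positions of `positions`
    (the PDEP operation), so a small counter can enumerate a sparse bit field."""
    out, bit, m = 0, 0, positions
    while m:
        lowest = m & -m                 # lowest set bit of the remaining field
        if (value >> bit) & 1:
            out |= lowest
        m ^= lowest
        bit += 1
    return out


def combine(mask: int, first: int, second: int) -> int:
    """Merge the device-generated portion with the gateway-generated portion."""
    return (first & mask) | (second & ~mask & FULL)


class Gateway:
    """Second network device (e.g. a DNAT/RSIP gateway): hands out the bit mask
    template and completes cookies so that no two in use on the subnet collide."""

    def __init__(self, mask: int, in_use: Optional[set] = None, rng=None):
        assert 0 < mask < FULL, "template must leave bits to both sides"
        self.mask = mask
        self.gw_field = ~mask & FULL                    # positions the gateway owns
        self.gw_bits = bin(self.gw_field).count("1")
        self.in_use = set(in_use or ())                 # cookies live on the network
        self.rng = rng or secrets.SystemRandom()

    def template(self) -> int:
        return self.mask

    def request_second_portion(self, first: int) -> int:
        """Answer a request carrying the device's first portion with a second
        portion such that the complete cookie is not in use. Exhaustive sweep from
        a random start, so the failure case (field full) is detected, not looped."""
        first &= self.mask
        space = 1 << self.gw_bits
        start = self.rng.randrange(space)
        for k in range(space):
            second = deposit((start + k) % space, self.gw_field)
            cookie = combine(self.mask, first, second)
            if cookie not in self.in_use:
                self.in_use.add(cookie)                 # reserve it for the requester
                return second
        raise RuntimeError("no unused cookie for this first portion")


class Device:
    """First network device: generates its own portion locally, asks the gateway
    for the rest, and assembles the complete x-bit cookie."""

    def __init__(self, gateway: Gateway, rng=None):
        self.gateway = gateway
        self.mask = gateway.template()                  # receive x-bit template
        self.rng = rng or secrets.SystemRandom()

    def make_cookie(self) -> int:
        first = self.rng.getrandbits(X_BITS) & self.mask           # first portion
        second = self.gateway.request_second_portion(first)        # request, sending first
        cookie = combine(self.mask, first, second)                 # complete cookie
        assert cookie & self.mask == first, "gateway must not alter device bits"
        return cookie


if __name__ == "__main__":
    gw = Gateway(0xFFFFFFFF00000000)     # device owns the high 32 bits (assumed)
    dev = Device(gw)
    print(f"{dev.make_cookie():016x}")
```

The device contributes entropy the gateway never sees in advance, while the gateway, which alone knows every cookie issued on its subnet, guarantees uniqueness by choosing its own portion; neither side can produce a valid cookie alone, which is the property the anti-clogging use in IKE relies on.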