Oh good point. It looks like anubis is using 64 byte random plus a nonce. Unless i'm missing something it seems like using 56 bytes random plus 8 byte nonce would be a better design or maybe hmac'ing the nonce & data together.

But then again using sha256 doesn't make sense at all.