Recipe17.7.A Better Random Number Generator

Recipe 17.7. A Better Random Number Generator

Problem

You need a random number with which to generate items such as a sequence of session keys. The random number must be as unpredictable as possible so that the likelihood of predicting the sequence of keys is as low as possible.

Solution

Use the class System.Security.Cryptography.RNGCryptoServiceProvider.

The RNGCryptoServiceProvider is used to populate a random byte array using the GetBytes method that is then printed out as a string in the following example:

 public static void BetterRandomString( ) {     // Create a stronger hash code using RNGCryptoServiceProvider.     byte[] random = new byte[64];     RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider( );     // Populate with random bytes.     rng.GetBytes(random);     // Convert random bytes to string.     string randomBase64 = Convert.ToBase64String(random);     // Display.     Console.WriteLine("Random string: {0} ",randomBase64); }

The output of this method is shown here:

 Random string: xDNitrreUpMmlO7Opd6AFvMC8VIG9+sAGfyvdZr2lEY1M3n2v3Ap4JIkYfJWW+sZaJjJMxj475VlVQFoRKvF g==

Discussion

Random provides methods like Next, NextBytes, and Nextdouble to generate random information for integers, arrays of bytes, and doubles, respectively. These methods can produce a moderate level of unpredictability, but to truly generate a more unpredictable random series, you need to use the RNGCryptoServiceProvider.

RNGCryptoServiceProvider can be customized to use any of the underlying Win32 Crypto API providers. You pass a CspParameters class in the constructor to determine exactly which provider is responsible for generating the random byte sequence. CspParameters allows you to customize items such as the key container name, the provider type code, the provider name, and the key number used.

The GetBytes method populates the entire length of the byte array with random bytes.