Is there any fast implementation of cryptographically secure pseudorandom number generator (CSPRNG) for C# 3.0 (.NET Framework 3.5), for authentication tokens?
views:
228answers:
3
+4
A:
using System.Security.Cryptography;
...
RandomNumberGenerator rng = new RNGCryptoServiceProvider();
byte[] tokenData = new byte[32];
rng.GetBytes(tokenData);
string token = Convert.ToBase64String(tokenData);
But, I think that GUIDs are created using a CSPRNG, so that may be sufficient for your use case.
John Gietzen
2009-11-03 16:15:19
Cryptanalysis of the WinAPI GUID generator shows that, since the sequence of V4 GUIDs is pseudo-random, given the initial state one can predict up to the next 250 000 GUIDs returned by the function UuidCreate. This is why GUIDs should not be used in cryptography, e.g., as random keys. (from http://en.wikipedia.org/wiki/Globally_Unique_Identifier)
configurator
2009-11-03 16:36:47
This isn't specifically cryptography, tho. And, it would be difficult to predict the initial state of the machine.
John Gietzen
2009-11-03 17:07:19
A:
That depends on what you mean by fast...
There is no really fast secure random generator. If you want fast, you should use the regular Random class. If you want secure you should use the random generator in the Cryptography namespace, but that is significantly slower. You simply can't have both.
Guffa
2009-11-03 16:30:49