In .NET, you can generate RSA key pairs using RSACryptoServiceProvide. But is that the best option in .NET to generate truly random numbers? There are tons of other open source libraries, such as CryptoPlusPlus, that can be used to generate random number. I would like to hear from other experts' opinions. Thanks in advance for your two cents.
views:
39answers:
3
A:
Classes derived from RandomNumberGenerator
generate truly random numbers.
Stephen Cleary
2010-07-13 00:58:44
* as random as we can get with deterministic algorithms.
Robert P
2010-07-13 01:00:38
Also: From the documentation: "Application code does not directly use this class. This abstract class is provided as the base class for all cryptographic random number generators."
Robert P
2010-07-13 01:01:34
Is there any proof that the derived class of RandomNumberGenerator, such as RNGCyrptowareServiceProvide, is better than library where you can feed in random seed from external source.
weilin8
2010-07-13 01:11:50
Actually - depending on the machine hardware - `RNGCryptoServiceProvider` may not be dependent on "deterministic algorithms".
Stephen Cleary
2010-07-13 01:36:25
@weilin8: No. On the Windows platform, the standard practice is to include a CSP if you have a source of truly random data. Otherwise (e.g., most machines), the OS will use a deterministic algorithm incorporating a wide variety of inputs to get a very close approximation of randomness. It does a better job of this than we could, so if the "random seed" is just things like mouse movements, it's definitely better left up to windows. If you do have an actual *random* source that's not a CSP for some reason, then you would be better to use it directly.
Stephen Cleary
2010-07-13 01:41:04
Actually, predicting random numbers generated by the host system is pretty easy. Cheat coder have done that with many anti-cheat tools which create screenshots at random times. They just got the seed in memory and predicted the next random numbers. Ive never implemented such a method, but ive seen that working.
atamanroman
2010-07-13 12:13:56
@fielding: I'll bet! Having read the excellent chapter in Practical Cryptography (http://www.schneier.com/book-practical.html) on generating Randomness it's such a minefield that it's easy to just give up! If only I had a cosmic ray detector...
Andras Zoltan
2010-07-13 12:52:52
A:
You could get them from random.org if your project allows that. That should be random enough.
atamanroman
2010-07-13 12:10:47