Recipe 14.7 A Better Random Number Generator

Problem

You need a random number with which to generate items such as a sequence of session keys. The random number must be as unpredictable as possible so that the likelihood of predicting the sequence of keys is as low as possible.

Solution

Use the classes System.Security.Cryptography.RNGCryptoServiceProvider and System.Random.

The RNGCryptoServiceProvider is used to populate a random byte array using the GetBytes method that is then printed out as a string in the following example:

public static void BetterRandomString( )
{
    // create a stronger hash code using RNGCryptoServiceProvider
    byte[] random = new byte[64];
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider( );
    // populate with random bytes
    rng.GetBytes(random);

    // convert random bytes to string
    string randomBase64 = Convert.ToBase64String(random);
    // display
    Console.WriteLine("Random string: {0}\r\n ",randomBase64);
}

Discussion

Random provides methods like Next, NextBytes, and NextDouble to generate random information for integers, arrays of bytes, and doubles, respectively. These methods can produce a moderate level of unpredictability, but to truly generate a more unpredictable random series, you would want to use the RNGCryptoServiceProvider.

RNGCryptoServiceProvider can be customized to use any of the underlying Win32 Crypto API providers by passing a CspParameters structure in the constructor to determine exactly which provider is responsible for generating the random bytes sequence. CspParameters allows you to customize items such as the key container name, the provider type code, the provider name, and the key number used. The GetBytes method populates the entire length of the byte array with random bytes.

See Also

See the "RNGCryptoServiceProvider Class," "CspParameters Class," and "Cryptographic Provider Types" topics in the MSDN documentation.