[Mono-dev] Crypto secure random numbers
Sebastien Pouliot
sebastien.pouliot at gmail.com
Tue Aug 14 08:37:56 EDT 2007
Hello Karl,
On Tue, 2007-08-14 at 00:34 -0700, Karl McClendon wrote:
> This probably isn't the best place to ask this question, but...
>
> How does System.Security.Cryptography.RNGCryptoServiceProvider (and
> similar) handle random number generation?
RNGCryptoServiceProvider implementation differs from platform to
platform (so the best answer is in the runtime source code ;-). For most
people this either means /dev/random (Linux) or CryptGenRandom (Windows)
> I am asking this because I am going to use this to generate symmetric
> encryption keys and I dont want my communications to be vulnerable to
> attacks against a predictable random number generator.
>
> If the generator is not cryptographically secure, has very few
> entropic sources, relies on /dev/urandom, etc... please email me back
> and I will write a proper engine.
The right way to do this is to write a new class that inherits from
RandomNumberGenerator.
If you wish it to be used from any "correctly-written"(*) class (e.g.
within the Mono framework) then you only need to modify your
machine.config so that your class can replace the default RNG (which is
normally RNGCryptoServiceProvider).
(*) Code that use, directly or indirectly, CryptoConfig to create
cryptographic objects. Sadly the framework itself doesn't enforce that
usage so user code may still call anything they want.
--
Sebastien Pouliot <sebastien at ximian.com>
Blog: http://pages.infinit.net/ctech/
More information about the Mono-devel-list
mailing list