Just to be on the secure side...



  • Since I had a requirement to generate some "secure" random Passwords i went to google and looked for a routine to do that for me (Yes i am lazy)

     

    Inside the routine I found this snippet of code...

    // Generate 4 random bytes.
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
            rng.GetBytes(randomBytes);

            // Convert 4 bytes into a 32-bit integer value.
            int seed = (randomBytes[0] & 0x7f) << 24 |
                        randomBytes[1]         << 16 |
                        randomBytes[2]         <<  8 |
                        randomBytes[3];

            // Now, this is real randomization.
            Random  random  = new Random(seed);

    But the WTF is that I used the code since the results are what I needed ;)

     

    Edit: The [ CODE ] Tag messes up the display... Someone check on it pls



  • [quote user="rdrunner"]

    Since I had a requirement to generate some "secure" random Passwords i went to google and looked for a routine to do that for me (Yes i am lazy)

     

    Inside the routine I found this snippet of code...

    // Generate 4 random bytes.
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
            rng.GetBytes(randomBytes);

            // Convert 4 bytes into a 32-bit integer value.
            int seed = (randomBytes[0] & 0x7f) << 24 |
                        randomBytes[1]         << 16 |
                        randomBytes[2]         <<  8 |
                        randomBytes[3];

            // Now, this is real randomization.
            Random  random  = new Random(seed);

    But the WTF is that I used the code since the results are what I needed ;)

     

    Edit: The [ CODE ] Tag messes up the display... Someone check on it pls

    [/quote]
    <font face="tahoma,arial,helvetica,sans-serif">But why stop there when you could infinitely generate random seeds based on the previous random generated value? ;)

    Or call your random number generator several times for a random number of times (which will also come from that same random number generator)...



    </font>



  • Plese select how secure you want your password:

    1. generare a "plain" random password

    2. generate a double-random password

    3. Generate a random-times random password

    4. spend an hour to random-random password (time based and most secure!!)



  • Perhaps the newly created Random object will be used to generate 20megs of random data - and has to generate them fast. Using one (more secure) RNG to initialize an RNG of lesser strength isn't all that uncommon.

     

    The RNGCryptoWhatever service may connect to a really secure entropy source (such as a geiger counter or mouse data or something) that is too slow (think /dev/random which waits until enough entropy events has come in) to use in the real application. Of course, the added cryptographic security of randomly initializing the seed is dramatically reduced by generating lots of data from the standard RNG, but it might be a reasonable trade-off in this application (at least if the seed is re-initialized now and then from the secure RNG).



  • A few months ago, someone asked me to create a quick-n-dirty way of generating unique keys. I'm not saying this is good, or unique, but it was unique-enough for the task at hand:

    hash consisting of: NIC-Unique-Address + ms-since-epoch + random-object-id-digit-sequence-chosen-from-registry


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.