> From: Sid Shetye [mailto:[email protected]]
>
> "new SecureRandom(new DigestRandomGenerator(new
> Sha256Digest()))" will always produce the same sequence.
You're using it wrong. Here, try this:
This seeds itself with 1 sample of ticks (approx 8 bits entropy) and 24 bytes
ThreadedSeedGenerator (at approx 0.5 bits entropy per bit, this is approx 96
bits entropy) = approx 104 bits total entropy
new SecureRandom();
Or, to do something stronger, try this: (This should get you near actual 256
bits entropy in the prng)
byte[] seed; // approx 0.5 bits entropy per bit, this is
approx 256 bits entropy
seed = new ThreadedSeedGenerator().GenerateSeed(64,fast:false);
var prng = new DigestRandomGenerator(new Sha256Digest());
prng.AddSeedMaterial(seed);
var myRand = new SecureRandom(prng);
> For
> testing/generating same sequences, one can always explicitly set the seed to
> 0,
Actually, that's not true. Because once you AddSeedMaterial, you can never get
it back out. DigestRandomGenerator.SetSeed() does not actually set seed, but
rather, *adds* seed material without losing prior seed material.
> The RNG class interface could allow specifying what sources of entropy
> should be pulled in for those wanting to stay only in the managed code
> domain
We are doing this in TinHat Random. For more details, see "Advanced Usage"
https://tinhatrandom.org/doku.php#advanced_usage
