c# - Cryptograhically random unique strings -


in this answer, below code posted creating unique random alphanumeric strings. clarify me how ensured unique in code , extent these unique? if rerun method on different occasions still unique strings?

or did misunderstand reply , these not generating unique keys @ all, random?

i asked in comment answer user seems inactive.

    public static string getuniquekey()     {         int maxsize = 8;         char[] chars = new char[62];         string a;         = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890";         chars = a.tochararray();         int size = maxsize;         byte[] data = new byte[1];         rngcryptoserviceprovider crypto = new rngcryptoserviceprovider();         crypto.getnonzerobytes(data);         size = maxsize;         data = new byte[size];         crypto.getnonzerobytes(data);         stringbuilder result = new stringbuilder(size);         foreach (byte b in data)         { result.append(chars[b % (chars.length - 1)]); }         return result.tostring();     }

there nothing in code guarantees result unique. unique value either have keep previous values can check duplicates, or use lot longer codes duplicates practically impossible (e.g. guid). code contains less 48 bits of information, lot less 128 bits of guid.

the string random, , although crypto strength random generator used, ruined how code generated random data. there issues in code:

  • a char array created, thrown away , replaced another.
  • a 1 byte array of random data created no apparent reason @ all, it's not used anything.
  • the getnonzerobytes method used instead of getbytes method, adds skew distribution of characters code nothing handle lack of 0 values.
  • the modulo (%) operator used reduce random number down number of characters used, random number can't evenly divided number of characters, adds skew distribution of characters.
  • chars.length - 1 used instead of chars.length when number reduced, means 61 of predefined 62 characters can occur in string.

although issues minor, important when dealing crypo strength randomness.

a version of code produce string without issues, , give code enough information considered practically unique:

public static string getuniquekey() {   int size = 16;   byte[] data = new byte[size];   rngcryptoserviceprovider crypto = new rngcryptoserviceprovider();   crypto.getbytes(data);   return bitconverter.tostring(data).replace("-", string.empty); }

Comments

Post a Comment

Popular posts from this blog

commonjs - How to write a typescript definition file for a node module that exports a function? -

consider, toml node module can use: // toml.d.ts declare module toml { export function parse(value:string):any; } declare module "toml" { export = toml; } then: /// <reference path="../../../../../defs/toml/toml.d.ts"/> import toml = require('toml'); toml.parse(...); however, node module export single function, such 'glob' ( https://github.com/isaacs/node-glob ). the node usage of module be: var glob = require("glob") glob("*.js", {}, callback(err, files) { ... }); you'd naively expect this: // glob.d.ts declare function globs(paths:string, options:any, callback:{(err:any, files:string[]):void; ...but because typescripts 'import' semantics bit strange, seems can use 'import .. = require()' statement alias modules . trying call: /// <reference path="../../../../../defs/glob/glob.d.ts"/> import blog = require('glob'); results in: error ts2072: mod...
Read more

openid - Okta: Failed to get authorization code through API call -

i'm integrating okta own idp server using okta's api. i'm implementing authorization code flow following steps below: in own server, use /api/v1/authn endpoint sessiontoken. use sessiontoken obtain authorization calling endpoint: /oauth2/v1/authorize?client_id=" + clientid + "&sessiontoken=" + sessiontoken + "&response_type=code&response_mode=query&scope=openid&redirect_uri=" + redirecturl + "&state=evanyang&nonce=" it's supposed return response status code 302 , location header containing redirect url code value. however, keep getting response status code 200 , without location header, html body saying "you using unsupported browser." , "javascript disabled on browser." according api documentation: http://developer.okta.com/docs/api/resources/oidc.html#authentication-request , sessiontoken parameter sufficient this: an okta one-time sessiontoken. allows api-based ...
Read more

ios - Change Storyboard View using Seague -

i have following code checks connection server, , depending on want change views if no connection found. nsstring *connect = [nsstring stringwithcontentsofurl:[nsurl urlwithstring:@"http://myserver.com"] encoding:nsutf8stringencoding error:nil]; if (connect == null) { [self performseguewithidentifier:@"network_failure" sender:self]; } else { // other code here } my problem not change views. have added storyboard segue between 2 views identifier of network_failure . not have navigation controller or that, problem? thanks help! no not problem. first of all, in objectivec exists nil object oriented null . must use that. so: if(connect == nil) or better: if(!connect) so due fact nil not same of null , probably code does't enter in if scope . you have been able discover breakpoint. anyway: be sure set trigger segue (line) 2 view controller , , name network_failure (that not best name. should instead view1toview2 ) as, m...
Read more