Why is Random class not considered "random" enough to be used in high-security applications, such as cryptography and it is advised to use System.RandomNumberGenerator for these applications ?
Asked
Active
Viewed 1,100 times
5
Pratik Singhal
- 6,283
- 10
- 55
- 97
-
5Related: [Why use the C# class System.Random at all instead of System.Security.Cryptography.RandomNumberGenerator?](http://stackoverflow.com/questions/1257299/why-use-the-c-sharp-class-system-random-at-all-instead-of-system-security-crypto) and [What is the difference between a randomly generated number and secure randomly generated number?](http://stackoverflow.com/questions/101337/what-is-the-difference-between-a-randomly-generated-number-and-secure-randomly-g). – Tim Schmelter Jan 07 '14 at 14:08
-
2In high-security applications you need to generate random keys - long sequences of random bits. When you use `Random`, the entire sequence depends entirely on a relatively short sequence of bits, called "the seed" of your random number generator. Since the seed is much shorter than the key, it's much easier to guess (or to bruteforce). However, guessing your seed is almost as good as guessing your key, because feeding the seed to the random number generator will pretty quickly produce the sequence that you have used for your key. – Sergey Kalinichenko Jan 07 '14 at 14:16