
I was wondering if there's a difference in security between the following:

CASE A:

byte[] data = new byte[47];
using(RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider())
{
    crypto.GetBytes(data);
}

CASE B:

byte[] data = new byte[47];
using(RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider())
{
    for(int i = 0; i < 47; i++)
    {
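        byte[] single = new byte[1];   // "byte" is a reserved keyword and cannot be a variable name
        crypto.GetBytes(single);
        data[i] = single[0];           // copy the one generated byte into the result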
    }
}

I was wondering because I was inspired by the MSDN example, which basically checks whether the byte received was fair, due to the unfair distribution of using modulo on a limited value. (I was building a random string generator and I don't want to give the characters early in the alphabet the advantage of an unfair distribution.)

So basically my question is: is there a difference in security whether I loop "GetBytes" to get N bytes (case B), or use "GetBytes" directly to get N bytes (case A)?

Thank you for your time

BARJ

1 Answer


No, there isn't. The bytes are generated the same way no matter which way you get them.

Sami Kuhmonen
  • Probably true, but it would be nice if you had any (normative) references to this fact. Without those the answer may well be guesswork (to us, not to you of course). – Maarten Bodewes May 13 '15 at 16:24
  • @MaartenBodewes yes, I tried to find references to back up the theory, but even if the internal system didn't use byte-sized number generation (which these usually seem to use), the strength shouldn't weaken. But I couldn't find any crypto theory articles to back even that up. Internal functionality is subject to change, and since there is no actual source code available, it's hard to say with absolute certainty. – Sami Kuhmonen May 13 '15 at 17:13
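
The modulo-bias concern raised in the question, shown as an added example that is not part of the original question or answer: a random string generator that fetches bytes in bulk (Case A style) and discards any byte that would skew the distribution. The class name, method name and `Alphabet` constant are hypothetical and chosen for illustration.

```csharp
using System;
using System.Security.Cryptography;

static class RandomStringExample
{
    // Hypothetical alphabet for illustration; any set of 1 to 256 characters works.
    const string Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    public static string Generate(int length)
    {
        if (length < 0) throw new ArgumentOutOfRangeException(nameof(length));

        // Largest multiple of the alphabet size that fits in a byte's 256 values.
        // Bytes at or above this limit are discarded, so every character is
        // backed by the same number of byte values (no modulo bias).
        // For 62 characters: 256 % 62 = 8, so values 248..255 are rejected.
        int limit = 256 - (256 % Alphabet.Length);

        char[] result = new char[length];
        byte[] buffer = new byte[Math.Max(16, length * 2)];
        int filled = 0;

        using (RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider())
        {
            while (filled < length)
            {
                // One bulk call per round instead of one call per byte.
                crypto.GetBytes(buffer);
                foreach (byte b in buffer)
                {
                    if (b >= limit) continue;   // reject: keeping it would favour early characters
                    result[filled++] = Alphabet[b % Alphabet.Length];
                    if (filled == length) break;
                }
            }
        }
        return new string(result);
    }

    static void Main()
    {
        Console.WriteLine(Generate(47));
    }
}
```

On .NET 6 and later `RNGCryptoServiceProvider` is marked obsolete; `RandomNumberGenerator.Create()` exposes the same `GetBytes` method.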