Why my encrypt algorithm always returns same salt every time?

Question

I have made my own encrypt and decrypt algorithm, but if I call crypting class and encrypt data, it writes every time same salt to file, but if I start app again, the salt is different. Here are 2 application runs and its salts.

50|Mmlv"!QM17=@QwjT`11(f&}G14[bxNpN19"V+W_r`
41|Mmlv"!QM17=@QwjT`6(f&}G6[bxNpN14"V+W_r`15j.zVN6<|N-}
92|Mmlv"!QM
93|Mmlv"!QM
92|Mmlv"!QM91=@QwjT`93(f&}G
86|Mmlv"!QM88=@QwjT`
91|Mmlv"!QM93=@QwjT`
93|Mmlv"!QM

Second

50!qKR}H!;15#X:y/O`11{Q'b|1TL[PYecoj19?*V`E|L?-
41!qKR}H!;17#X:y/O`6{Q'b|6TL[PYecoj14?*V`E|L?-15M|;:Goln6&.E:yy=>
92!qKR}H!;
93!qKR}H!;
92!qKR}H!;91#X:y/O`93{Q'b|
87!qKR}H!;93#X:y/O`
86!qKR}H!;93#X:y/O`
87!qKR}H!;88#X:y/O`

And here's my encrypt code in C#

public string encryptString(string text)
    {
        Random rdn = new Random();
        String[] textArray = new String[] { text };
        string alphabet = "qzwxecrvtbynumiopalskdjfhgPMONIBUVYCTXRZEWQASLKDFJHG~!@#$%^&*()_+}{|\":><?`-=][\';/., 9632587410";
        string hashedText = "";
        for (int i = 0; i < text.Length; i++)
        {
            string salt = "";
            int saltCount = rdn.Next(low_range, high_range);
            for (int e = 0; e < saltCount; e++)
            {
                int alphabetSaltCount = rdn.Next(0, alphabet.Length - 11);
                salt += alphabet[alphabetSaltCount];
            }
            hashedText += alphabet.IndexOf(text[i]).ToString() + salt;
        }
        return hashedText;
    }

Pull the `Random` outside of the method and make it a class variable. It's possible that your method is executing so fast that the next encryption happens before the system time has changed sufficiently for a new instance of `Random` to produce different numbers. — Abion47, Dec 03 '16 at 16:24
["Schneier's Law"](https://www.schneier.com/blog/archives/2011/04/schneiers_law.html): Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. — zaph, Dec 03 '16 at 16:26
I'd say you should properly seed the random and reuse the same one. Anyway, my recommendation is to never feel tempted to write your own cryptographic algorithm implementation. Use a well-known and up-to-date library. — Juan, Dec 03 '16 at 16:23
Using a random number generator to "encrypt" (what you are actually doing is some sort of weird encoding) is a very poor idea. The result will be different each time? And you can't decrypt it. How is this useful at all? — Luke Joshua Park, Dec 03 '16 at 22:39
@LukePark Oh.. Of course you cant decrypt it. The value of crypted string is hidden in numbers. In decrypt, you ignore everything except numbers. And numbers are positions for decrypt. You better see here, that's my decrypt and encrypt algorithm: http://pastebin.com/Vhd9SCLC It's just.. my private experiment about crypting :D I know it's bad, i made it for practice my skills. — Honza Sedloň, Dec 04 '16 at 16:41

score 1 · Accepted Answer · answered Dec 03 '16 at 16:47

You may need to seed the random number generator differently.

Random uses the system clock by default for its seed so calling new Random() really close to each other can end up with the same seed number.

See the section "Instantiating the random number generator" here: https://msdn.microsoft.com/en-us/library/system.random(v=vs.110).aspx

Why my encrypt algorithm always returns same salt every time?

1 Answers1