The answer is apparently yes for the implementation in Java, but how about Org.BouncyCastle.Security.SecureRandom in C#?
Asked
Active
Viewed 1,619 times
3
Mark Amery
- 143,130
- 81
- 406
- 459
-
Related (since it's also about the undocumented basics of how to use this class correctly): https://stackoverflow.com/q/46792373/1709587 – Mark Amery Oct 17 '17 at 14:18
1 Answers
4
Since, as far as I know, there is no official (or even any) documentation of C# Bouncy Castle port - all we can do is look at source code and try to draw some conclusions. Here is source code of SecureRandom. We can see that the main methods there are NextCounterValue (used to generate seeds) and NextBytes used to generate actual random data. NextCounterValue is thread-safe (uses Interlocked.Increment). NextBytes forwards implementation to instance of IRandomGenerator. Since you can pass any instance of IRandomGenerator to constructor of SecureRandom - we can conclude that its thread safety depends on that of IRandomGenerator used.
Also when on full .NET Framework, SecureRandom uses CryptoApiRandomGenerator as master generator (to generate seeds) and that one is just wrapper around .NET RNGCryptoServiceProvider which as we know is thread safe.
What if you just create SecureRandom without passing any IRandomGenerator? Then it will create instance of DigestRandomGenerator (code) which seems to be thread-safe (uses simple lock in NextBytes).
All in all we can say that SecureRandom is thread safe if you are not passing an instance of IRandomGenerator which is not thread-safe to it.
Evk
- 98,527
- 8
- 141
- 191