为什么使用C＃类System.Random而不是System.Security.Cryptography.RandomNumberGenerator？ [英] Why use the C# class System.Random at all instead of System.Security.Cryptography.RandomNumberGenerator?

问题描述

为什么有人使用系统中的标准随机数生成器.Random ，而不是总是使用来自 System.Security.Cryptography.RandomNumberGenerator （或其子类，因为RandomNumberGenerator是抽象的）？

Why would anybody use the "standard" random number generator from System.Random at all instead of always using the cryptographically secure random number generator from System.Security.Cryptography.RandomNumberGenerator (or its subclasses because RandomNumberGenerator is abstract)?

Nate Lawson在他的Google Tech Talk演示加密攻击返回在分钟13:11不使用

Nate Lawson tells us in his Google Tech Talk presentation "Crypto Strikes Back" at minute 13:11 not to use the "standard" random number generators from Python, Java and C# and to instead use the cryptographically secure version.

我知道两个版本的随机数生成器之间的区别（参见

I know the difference between the two versions of random number generators (see question 101337).

但是有什么理由不总是使用安全的随机数生成器？为什么使用System.Random？性能可能？

But what rationale is there to not always use the secure random number generator? Why use System.Random at all? Performance perhaps?

推荐答案

速度和意图。如果你生成一个随机数并且不需要安全，为什么要使用慢速加密函数？您不需要安全性，为什么要让其他人认为该号码可能会用于不安全的情况？

Speed and intent. If you're generating a random number and have no need for security, why use a slow crypto function? You don't need security, so why make someone else think that the number may be used for something secure when it won't be?

这篇关于为什么使用C＃类System.Random而不是System.Security.Cryptography.RandomNumberGenerator？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！