如何生成一组随机字符串在C＃程序，使他们不pdicted平凡$ P $？ [英] How do I generate a set of random strings in a C# program so that they are not trivially predicted?

问题描述

我遇到了以下问题：生成一个受限制的字母n独特的字母数字串。这是我在C＃中的解决方案：

I faced a following problem: generate N unique alphanumeric strings from a restricted alphabet. Here's my solution in C#:

string Alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
Random generator = new Random();
const int ToGenerate = 10000;
const int CharactersCount = 4;
ArrayList generatedStrings = new ArrayList();
while( generatedStrings.Count < ToGenerate ) {
   string newString = "Prefix";
   for( int i = 0; i < CharactersCount; i++ ) {
      int index = generator.Next( Alphabet.Length );
      char character = Alphabet[index];
      newString += character;
   }
   if( !generatedStrings.Contains( newString ) ) {
      generatedStrings.Add( newString );
   }                
}
for( int i = 0; i < generatedStrings.Count; i++ ) {
    System.Console.Out.WriteLine( generatedStrings[i] );
}

它生成10K开头的字符串preFIX否则由大写字母和数字。输出看起来不错。

it generates 10K strings starting with "Prefix" and otherwise consisting of capital letters and numbers. The output looks good.

现在我看到下面的问题。所产生的字符串是这样一个场景，他们应该不太可能被任何人pdicted $ P $。在我的计划中的种子是随时间变化的。一旦有人知道的种子值，他可以在同一code和得到完全相同的字符串。如果他知道任何两个字符串，他可以很容易地计算出我的算法（因为它是真的很幼稚），并尝试暴力破解的种子值 - 只是列举出所有可能的种子值，直到他看到在输出中的两个已知的字符串。

Now I see the following problem. The produced strings are for a scenario where they should be unlikely to be predicted by anyone. In my program the seed is time-dependent. Once someone knows the seed value he can run the same code and get the exact same strings. If he knows any two strings he can easily figure out my algorithm (since it is really naive) and attempt to brute-force the seed value - just enumerate all possible seed values until he sees the two known strings in the output.

有一些简单的改变可以做我的code键使所描述的攻击不太可能吗？

Is there some simple change that could be done to my code to make the described attack less possible?

推荐答案

那么，他怎么会知道的种子？除非他知道在确切时间您运行code，这是的非常的很难​​做到。但是如果你需要更强大，你也可以通过创建加密的强随机数 System.Security.Cryptography.RandomNumberGenerator.Create - 是这样的：

Well, how would he know the seed? Unless he knew the exact time you ran the code, that is very hard to do. But if you need stronger, you can also create cryptographically strong random numbers via System.Security.Cryptography.RandomNumberGenerator.Create - something like:

        var rng = System.Security.Cryptography.RandomNumberGenerator.Create();
        byte[] buffer = new byte[4];
        char[] chars = new char[CharactersCount];
        for(int i = 0 ; i < chars.Length ; i++)
        {
            rng.GetBytes(buffer);
            int nxt = BitConverter.ToInt32(buffer, 0);
            int index = nxt % Alphabet.Length;
            if(index < 0) index += Alphabet.Length;
            chars[i] = Alphabet[index];
        }
        string s = new string(chars);

这篇关于如何生成一组随机字符串在C＃程序，使他们不pdicted平凡$ P $？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！