随机数发生器返回零 [英] Random number generator returning zeros

问题描述

我有依靠Random类来生成伪随机字符串的ASP.NET应用程序。它使用以下code（这是一块较大的样本$ C $下提供的谷歌的一部分的应用程序SSO）：

I have an ASP.NET application that relies on the Random class to generate a pseudo-random string. It uses the following code (this is part of a larger piece of sample code provided by Google for apps SSO):

    public static class SamlUtility
{
    private static Random random = new Random();

    private static char[] charMapping =  { 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p' };

    public static string CreateId()
    {
        byte[] bytes = new byte[20]; // 160 bits

        random.NextBytes(bytes);

        char[] chars = new char[40];

        for (int i = 0; i < bytes.Length; i++)
        {
            int left = (bytes[i] >> 4) & 0x0f;
            int right = bytes[i] & 0x0f;
            chars[i * 2] = charMapping[left];
            chars[i * 2 + 1] = charMapping[right];
        }

        return new string(chars);
    }
}

这通常工作得很好，但不时也开始产生了A的字符串。从我可以告诉调试，随机干脆停止返回随机数，而是充满了相同的价值一遍又一遍字节。我已经使用GUID，而不是修补这个，但我很好奇发生了什么事在原来的code。我假设某种形式的熵疲惫，但我无法找到的文档的任何引用。此外，这已经发生了，每次，执行IISRESET恢复了正确的行为。

This normally works very well, but from time to time it starts generating a string of 'a'. From what I can tell from debugging, Random simply stops returning random numbers and instead fills bytes with the same value over and over. I've patched this by using a GUID instead, but I'm curious what happened in the original code. I'm assuming some form of entropy exhaustion, but I can't find any reference in the docs. Also, each time this has happened, performing iisreset restored the correct behavior.

任何有关发生了什么事情错的建议将是非常美联社preciated。

Any suggestions regarding what was going wrong would be much appreciated.

推荐答案

在随机类不是线程安全的。
如果您生成多个线程上相同的实例随机数一次，它的内部状态将被破坏，它会开始返回零。

The Random class is not thread-safe.
If you generate random numbers on the same instance on multiple threads at once, its internal state will be corrupted and it will start returning zeroes.

您需要做的随机例如 [ThreadStatic] 来确保每个实例不能由多个线程共享。照片 请注意，初始化为 [ThreadStatic] 字段将只运行一次，所以你需要检查它是否是空您每次使用字段并在必要时对其进行初始化。
这也将是一个好主意，包括线程ID和当前时间的种子prevent种子的碰撞。

You need to make the Random instance [ThreadStatic] to ensure that each instance is not shared by multiple threads.
Note that initializers for [ThreadStatic] fields will only run once, so you need to check whether it's null every time you use the field and initialize it if necessary.
It would also be a good idea to include both the thread ID and the current time in the seed to prevent seed collisions.

请注意，顺便说一句，该随机类是不安全的;考虑使用<一个href="http://msdn.microsoft.com/en-us/library/system.security.cryptography.rngcryptoserviceprovider.aspx"相对=nofollow> RNGCryptoServiceProvider 类

Note, by the way, that the Random class is not secure; consider using the RNGCryptoServiceProvider class

这篇关于随机数发生器返回零的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！