加密随机唯一字符串 [英] Cryptograhically random unique strings

问题描述

在此答案中，以下代码已发布，用于创建唯一的随机字母数字字符串.有人可以为我澄清一下如何确保它们在此代码中是唯一的，以及在什么程度上它们是唯一的?如果我在不同的情况下重新运行此方法，我还会得到唯一的字符串吗?

In this answer, the below code was posted for creating unique random alphanumeric strings. Could someone clarify for me how exactly they are ensured to be unique in this code and to what extent these are unique? If I rerun this method on different occasions would I still get unique strings?

还是我只是误解了答复，而这些根本没有生成唯一的密钥，只是随机的?

Or did I just misunderstand the reply and these are not generating unique keys at all, only random?

我已经在对该答案的评论中问过这个问题，但是用户似乎不活跃.

I already asked this in a comment to that answer but the user seems to be inactive.

    public static string GetUniqueKey()
    {
        int maxSize = 8;
        char[] chars = new char[62];
        string a;
        a = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
        chars = a.ToCharArray();
        int size = maxSize;
        byte[] data = new byte[1];
        RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
        crypto.GetNonZeroBytes(data);
        size = maxSize;
        data = new byte[size];
        crypto.GetNonZeroBytes(data);
        StringBuilder result = new StringBuilder(size);
        foreach (byte b in data)
        { result.Append(chars[b % (chars.Length - 1)]); }
        return result.ToString();
    }   

推荐答案

代码中没有任何东西可以保证结果是唯一的.要获得唯一值，您必须保留所有先前的值以便可以检查重复项，或者使用更长的代码以使重复项实际上是不可能的(例如GUID).该代码包含的信息少于48位，比GUID的128位要少得多.

There is nothing in the code that guarantees that the result is unique. To get a unique value you either have to keep all previous values so that you can check for duplicates, or use a lot longer codes so that duplicates are practically impossible (e.g. a GUID). The code contains less than 48 bits of information, which is a lot less than the 128 bits of a GUID.

该字符串只是随机的，尽管使用了加密强度随机数生成器，但由于从随机数据中生成代码的方式而损坏了该字符串.代码中存在一些问题:

The string is just random, and although a crypto strength random generator is used, that is ruined by how the code is generated from the random data. There are some issues in the code:

• 创建了一个char数组，将其丢弃并替换为另一个.
• 创建一个1字节的随机数据数组根本没有任何明显的原因，因为它没有用于任何事情.
• 使用 GetNonZeroBytes 方法代替 GetBytes 方法，该方法增加了字符分布的偏斜度，因为该代码无法解决缺少零值的问题.
• 模(％)运算符用于将随机数减少到所使用的字符数，但是不能将随机数均匀地划分为字符数，这也增加了字符分布的偏斜.
减少数量时，使用
• chars.Length-1 代替 chars.Length ，这意味着字符串中只能预定义62个字符中的61个

• A char array is created, that is just thrown away and replaced with another.
• A one byte array of random data is created for no apparent reason at all, as it's not used for anything.
• The GetNonZeroBytes method is used instead of the GetBytes method, which adds a skew to the distribution of characters as the code does nothing to handle the lack of zero values.
• The modulo (%) operator is used to reduce the random number down to the number of characters used, but the random number can't be evenly divided into the number of characters, which also adds a skew to the distribution of characters.
• chars.Length - 1 is used instead of chars.Length when the number is reduced, which means that only 61 of the predefined 62 characters can occur in the string.

尽管这些问题很小，但是在处理低温强度随机性时它们很重要.

Although those issues are minor, they are important when you are dealing with crypo strength randomness.

该代码的版本，该代码将产生没有这些问题的字符串，并提供具有足够信息的代码，这些信息被视为实际上是唯一的:

A version of the code that would produce a string without those issues, and give a code with enough information to be considered practically unique:

public static string GetUniqueKey() {
  int size = 16;
  byte[] data = new byte[size];
  RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider();
  crypto.GetBytes(data);
  return BitConverter.ToString(data).Replace("-", String.Empty);
}

这篇关于加密随机唯一字符串的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！