Random data

Purpose
This class produces unpredictable, cryptographically secure random numbers. Using a predictable random number generator, such as System.Random, is insecure.
These functions should be used to randomly generate encryption keys, nonces, salts, seeds, integers, strings, and passphrases.
Usage
Fill
Fills a span with random bytes.
SecureRandom.Fill(Span<byte> buffer)
Exceptions
​ArgumentOutOfRangeException​
buffer has a length of 0.
GetInt32
Generates a random integer between 0 (inclusive) and the upper bound (exclusive).
SecureRandom.GetInt32(int upperBound)
Exceptions
​ArgumentOutOfRangeException​
upperBound is less than MinUpperBound.
GetString
Generates a random string of a given length. A custom character set can be provided, but several character sets are available via constants.
SecureRandom.GetString(int length, string characterSet = AlphanumericChars)
Exceptions
​ArgumentOutOfRangeException​
length is less than MinStringLength or greater than MaxStringLength.
​ArgumentNullException​
characterSet is null.
​ArgumentOutOfRangeException​
characterSet has a length of 0.
GetPassphrase
Generates a random passphrase using the EFF's long wordlist (minus hyphenated words).
SecureRandom.GetPassphrase(int wordCount, char separatorChar = '-', bool capitalize = true, bool includeNumber = false)
​ArgumentOutOfRangeException​
wordCount is less than MinWordCount or greater than MaxWordCount.
FillDeterministic
Fills a span with deterministic bytes indistinguishable from random without knowing the seed.
SecureRandom.FillDeterministic(Span<byte> buffer, ReadOnlySpan<byte> seed)
This should be reserved for tests and custom constructions (e.g. an XOF).
Exceptions
​ArgumentOutOfRangeException​
buffer has a length of 0.
​ArgumentOutOfRangeException​
seed has a length not equal to SeedSize.
Constants
These are used for validation and/or save you defining your own constants.
public const int SeedSize = 32;
public const string AlphabeticChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
public const string NumericChars = "0123456789";
public const string SymbolChars = "!#$%&'()*+,-./:;<=>?@[]^_`{}~";
public const string AlphanumericChars = AlphabeticChars + NumericChars;
public const string AlphanumericSymbolChars = AlphanumericChars + SymbolChars;
public const int MinUpperBound = 2;
public const int MinStringLength = 8;
public const int MaxStringLength = 128;
public const int MinWordCount = 4;
public const int MaxWordCount = 20;
Notes
If these functions are called inside a virtual machine (VM) which is snapshotted and restored, the same output may be produced.​
The libsodium library uses RtlGenRandom() on Windows and getrandom or /dev/urandom on Linux and macOS to generate cryptographically secure random numbers non-deterministically. Deterministic generation is done using the IETF version of ChaCha20.
Introduction
Constant time
Last modified 2d ago