TheDeveloperBlog.com


C# RNGCryptoServiceProvider Example

RNGCryptoServiceProvider generates high-quality random numbers. With it, we use an RNG (random number generator) that is as random as possible. This helps in applications where random numbers must be completely random.

Caution: RNGCryptoServiceProvider has a cost: it reduces performance over the Random type.


Example. The most useful method on RNGCryptoServiceProvider is the GetBytes method. And because this type implements Dispose, you can enclose it in a using-statement. We fill a four-byte array with GetBytes ten times.

Then: We use BitConverter.ToInt32 to change those four-byte arrays into integers. This yields random integers.

BitConverter
C# program that uses RNGCryptoServiceProvider

using System;
using System.Security.Cryptography;

class Program
{
    static void Main()
    {
	using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
	{
	    // Buffer storage.
	    byte[] data = new byte[4];

	    // Ten iterations.
	    for (int i = 0; i < 10; i++)
	    {
		// Fill buffer.
		rng.GetBytes(data);

		// Convert to int 32.
		int value = BitConverter.ToInt32(data, 0);
		Console.WriteLine(value);
	    }
	}
    }
}

Output

461315061
-1277834804
-1239389884
-1540126655
1669339804
1436197105
-473414988
-264059284
-1832694377
-1929982707

The output looks random. I haven't run any tests of randomness on RNGCryptoServiceProvider or compared it to the Random type. But random number generators implemented with cryptographic algorithms are suitable for most programs.


Discussion. So when should you use Random and when should you use the slightly more complicated RNGCryptoServiceProvider? My expectation is that for most programs, Random is sufficient and preferable due to its simplicity.

But: For important programs RNGCryptoServiceProvider is better because it is less prone to problems with its randomness.

Note: The Random type does not use the RNGCryptoServiceProvider internally. The implementations are different.


Benchmark. I quantified the performance of RNGCryptoServiceProvider and Random. The inner loop contained the call to GetBytes and ToInt32 for RNGCryptoServiceProvider, and Next() for Random. The objects were created outside of the inner loop.

Benchmark results

Time for one random int from RNGCryptoServiceProvider: 2796.19 ns
Time for one random int from Random:                      9.30 ns

It is clear from these results that you might end up with a slow program if you overuse RNGCryptoServiceProvider. This type is over 300 times slower when used as shown than the Random type.


Summary. We looked at the RNGCryptoServiceProvider type in the C# language and demonstrated its use. With this type, you can fill byte arrays with random values. Then you can convert those byte arrays to integral types or use them directly.