How to Generate C# Random Numbers, Pseudo vs Secure Random Numbers

By: mwatson
  |  April 16, 2017

Random numbers are used in a wide variety of software applications. Depending on what you are using random numbers for, you will need to decide which type to use. For a music jukebox, the accuracy is not very critical. For something like a lottery or slot machine, the random number generator must be extremely accurate.  Read on to learn more about C# random numbers.

There are two types of random number generators in C#:

  • Pseudo-random numbers (System.Random)
  • Secure random numbers (System.Security.Cryptography.RNGCryptoServiceProvider)

Pseudo vs Secure Random Numbers

The key difference is the chance that the seed value used to do the randomization may not be changing quickly and randomly enough. For example, System.Random relies on the computer system clock. If multiple Random() objects were created at the exact same time, they could create the same sequence of random numbers.

Secure random numbers are called “secure” because of potential security vulnerabilities in weak random number generators. If a hacker could figure out a pattern to your random crypto keys, they may be able to increase their chances of hacking in.

MORE: “True” vs. pseudo-random numbers (Wikipedia)

How to use C# System.Random Number Generator

System.Random works great for basic use cases of creating random numbers.

For example, we use it at Stackify to randomly schedule some background jobs so they don’t all run exactly at the same second and minute every hour. We want to randomly distribute the jobs over the course of an hour. For this type of use case, System.Random works fine for us.

Examples of using System.Random to generate C# random numbers:

Random random = new System.Random();
int value = random.Next(0, 100); //returns integer of 0-100
double value2 = random.NextDouble(); //returns floating point 0.0-1.0
var byteArray = new byte[256];
random.NextBytes(byteArray); //fill with random bytes

 

How to Create Secure C# Random Numbers With RNGCryptoServiceProvider

Secure random numbers are important if you are creating a very high volume of numbers or need to ensure proper uniqueness over a long period of time. If you were generating random numbers for a game like Roulette, it would be important that the random numbers were properly distributed over all of the potential outcomes (0-36) properly.

RNGCryptoServiceProvider provides a random set of bytes. You must then convert those bytes to the data type that you need.

RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
var byteArray = new byte[4];
provider.GetBytes(byteArray);
//convert 4 bytes to an integer
var randomInteger = BitConverter.ToUInt32(byteArray, 0);
var byteArray2 = new byte[8];
provider.GetBytes(byteArray2);
//convert 8 bytes to a double
var randomDouble = BitConverter.ToDouble(byteArray2, 0);

 

Improve Your Code with Retrace APM

Stackify's APM tools are used by thousands of .NET, Java, PHP, Node.js, Python, & Ruby developers all over the world.
Explore Retrace's product features to learn more.

Learn More

Want to contribute to the Stackify blog?

If you would like to be a guest contributor to the Stackify blog please reach out to [email protected]