0

I have looked for, and cannot find, any decent means of implementing a seedable Cryptographically Secure Pseudo-Random Number Generator (CSPRNG) for VB.Net. Anybody with cryptography/programming/VB experience knows Rnd() is crypto-suicide. Also, it looks like RNGCryptoServiceProvider does not (practically) allow seeding (From SO: no cryptography random generator seed allowed in C#?).

So, realistically, if I'm building a VB.Net Windows Forms application (Visual Studio 2015), how on earth do I implement a seedable CSPRNG where a password hash could be used as the seed? Is there a common library or something that people use? Or is it truly just kinda "fend-for-yourself?"

Community
  • 1
  • 1
David Mancini
  • 428
  • 7
  • 20
  • If you want a cryptographically suitable random number, why would you also want to seed? Maybe more about what you are really after would help. – Ňɏssa Pøngjǣrdenlarp Apr 04 '16 at 22:45
  • Well, for example, I **can** seed the `Rnd` function. But as I understand it, that function is known to produce terrible results even when seeded, such that different seeds might STILL result in a collision. – David Mancini Apr 04 '16 at 22:48
  • 1
    It is still not clear *what* you are trying to do (especially considering `a password hash could be used as the seed`). An RNG from a seed is generally antithetical to CSPRNG. – Ňɏssa Pøngjǣrdenlarp Apr 04 '16 at 22:57
  • Basically, I want to generate random bytes (stored in an array) that will be used to XOR the byte-data in a target file. Since having a "key file" is cumbersome, I want to use a PRNG to repeat the byte-sequence once supplied with the correct password (the one used to encrypt the data). I assumed I needed a "CS" PRNG since things like `Rnd()` don't even work well when supplied with a quality seed (like a good password). – David Mancini Apr 04 '16 at 23:02
  • 1
    `RNGCryptoServiceProvider.GetBytes(Byte())` will give you an array of CSPRNG values. Have you considered a cryptostream for the file rather than XOR-ing the file? Hardly seems worth the bother if the aim is to protect the file. – Ňɏssa Pøngjǣrdenlarp Apr 04 '16 at 23:06
  • Being pretty new to VS2015 and VB.Net, I had not (didn't know it existed). I will look more into that, then. Thanks! – David Mancini Apr 04 '16 at 23:13
  • If you want, update the question to something solution based – Ňɏssa Pøngjǣrdenlarp Apr 04 '16 at 23:19
  • 1
    @DjM This seems like an [XY problem](http://meta.stackexchange.com/q/66377/266187) to me. You probably want a stream cipher (which does the XORing). You can derive the key for the cipher from a password with PBKDF2 (with many iterations and a random salt) or similar. Note that block ciphers such as AES can be transformed into stream ciphers by using modes like CTR or CFB. – Artjom B. Apr 05 '16 at 06:57

0 Answers0