23

Question says it all, what is the best method of generating a random salt (to be used with a hash function) in C#?

Petey B
  • 11,439
  • 25
  • 81
  • 101

2 Answers2

32

You should use the RNGCryptoServiceProvider class to generate cryptographically secure random numbers..

SLaks
  • 868,454
  • 176
  • 1,908
  • 1,964
  • 6
    You don't need a cryptographically strong random number generator for salts. – Pedro d'Aquino Jun 20 '11 at 18:30
  • 1
    But it does let you generate really random strings in addition to numbers. – Rangoric Jun 20 '11 at 18:32
  • 1
    @Pedro: It doesn't hurt. Also, it reduces the chance of a salt collision, which is not a good thing. – SLaks Jun 20 '11 at 18:32
  • 5
    @Pedro: that's arguable. Salts must be as unique as possible. Uniform randomness does that (for a long enough salt) but a non-cryptographic RNG may exhibit biases which make collisions more frequent than expected. Using a cryptographically secure RNG is the safe way. – Thomas Pornin Jun 20 '11 at 18:41
0

Enterprise Library should be able to create a random salt for you very effectively. Check it out here.

therealmitchconnors
  • 2,732
  • 1
  • 18
  • 36