Generate predictable random numbers C#

Question

I would like the generate random numbers - except given the same seed, they should always be the same. How could this be done?

e.g. Given the seed 'I like turtles' it should generate a number e.g. 1234 no matter when/how many times it was called. I need this for a security application.

Possible duplicate: http://stackoverflow.com/questions/4060961/seeding-a-pseudo-random-number-generator-in-c-sharp — Benjamin Gruenbaum, Apr 01 '13 at 15:23
Sounds scary. "predictable random numbers" combined with "security application". Rule number one of security: don't do it yourself. There are a lot of very good libraries available. — Bart Friederichs, Apr 01 '13 at 15:25
I have made something that gets a fingerprint of a machine, the predicable random number means the fingerprint won't randomly change, however a hacker would have to write some C#/decompile/recompile to find the value of the random number (hence a little more effort). — James, Apr 01 '13 at 15:34
@James It's called "hash" as others said. And if you don't know what hash is chances are your "security" will rather be "obscurity" and probably done incorrectly. Read some more about this type of things, don't reinvent the wheel by making it square — Sten Petrov, Apr 01 '13 at 15:40
@StenPetrov As I said in my previous comment, the aim of this is to create a value that could only (easily) be replicated by decomiling/recompiling code - putting most hackers off. There are loads of online hash generators - meaning it's trivial to generate one to simulate what my fingerprint code would do; hence my need for a custom hasher or even simpler, a seeded, predictable random number. I am perfectly aware what a hash is. — James, Apr 01 '13 at 17:17
@James ... but to get to the parts they need to hash they also have to decompile your code, making your efforts futile. By adding a (weak) custom hash function you're not increasing the level of difficulty to break your protection. Somehow your bank manages to get by on standard algorithms. — Sten Petrov, Apr 01 '13 at 17:53
@StenPetrov Okay, the point is, in this case, if I were to use a normal hash alg, they (hackers) could spot that in a decompile then use an online hash site to get the same output as my fingerprint. Whereas, my much weaker hash alg will require them to decompile my code (to find it) and then recompile it after to get it to spit out values (much more difficult). My bank doesn't rely on .NET client side apps luckily. — James, Apr 01 '13 at 19:46
@James and you imagine the recompiling to be a difficult step? And you think just because it's a .NET app that can be decompiled it's less secure? You need to read some more about security, start here: http://en.wikipedia.org/wiki/Kerckhoffs%27s_principle — Sten Petrov, Apr 01 '13 at 21:31

score 2 · Accepted Answer · answered Apr 01 '13 at 15:23

2

That is precisely how pseudo random number generators (PRNGs) work. When seeded the same way, they yield the same sequence of pseudo random numbers.

Take a look at the documentation for the constructor of the Random class:

Providing an identical seed value to different Random objects causes each instance to produce identical sequences of random numbers.

Only do note that PRNGs use numeric seeds rather than strings, as per your example in the question. And if you need a cryptographically secure PRNG, then you'll need to use a class other than Random, although the same principles regarding seeds apply.

answered Apr 01 '13 at 15:23

David Heffernan

601,492
42
1,072
1,490

+0. Isn't relevant for the OP's needs – Sam I am says Reinstate Monica Apr 01 '13 at 15:24
@SamIam I don't understand what you mean – David Heffernan Apr 01 '13 at 15:25
This is what led the answer for me. It would be nice to have one line of code though :) – James Apr 01 '13 at 15:36
@James Why would code help? I like answers that explain things. – David Heffernan Apr 01 '13 at 15:41
@DavidHeffernan I just think `var random = new Random("I like turtles".GetHash())` is a nice example to have in there. Up to you. – James Apr 01 '13 at 15:42
1

@James I'm not sure that's such a great example. Because a different string can yield the same hash value. And presumably you want different seeds to yield different sequences. I'm not really sure what your application is, and you mentioned security, so I don't want to give code and advice that I'm not confident is accurate and appropriate to your needs. – David Heffernan Apr 01 '13 at 15:45

score 0 · Answer 2 · edited May 23 '17 at 12:29

0

The Random class will generate the same sequence of numbers, if you supply it with the same seed.

If you just want to return a predictable number from a given string, use a hash.

edited May 23 '17 at 12:29

Community

1
1

answered Apr 01 '13 at 15:25

Robert Harvey

178,213
47
333
501

score 0 · Answer 3 · answered Apr 01 '13 at 15:33

If you're doing security, You'd really be better served by using a library, but if you absolutely must do it yourself...

It looks like you'd rather compute a hash code.

here is some information on generating a MD5 hash code from a string

Here is the code sample on that page

public static  string CalculateMD5Hash(string strInput)
{
  MD5 md5 = System.Security.Cryptography.MD5.Create();
  byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(strInput);
  byte[] hash = md5.ComputeHash(inputBytes);            

  StringBuilder sb = new StringBuilder();           
  for (int i = 0; i < hash.Length; i++)           
  {               
    sb.Append(hash[i].ToString("x2")); 
  }         
  return sb.ToString();       
}

Generate predictable random numbers C#

3 Answers3