Very often, I see that .NET is class Randomused to generate passwords.
class Random
On the one hand, this question that I asked earlier shows that generating a heap of "secret" data using class Randomquite predictable data. On the other hand, I am currently trying to make this accurate prediction, and my code works at a speed of about six million visits per day on one core - not very fast, it will take almost a year to calculate all possible seed values at that speed.
Is there a clearer and faster way to show that passwords created using data from class Random()are much weaker than normally expected?
class Random()
Let me say this: choose a random number generator sufficient for the number of passwords that you want to generate. With an alphabet size of 36 (numbers and only uppercase or only lowercase letters) you extract only a small part of the internal state of the RNG. And even if you create 40,000 characters in this case, this is only about 21 bits of information. Your algorithm in another question only generates 4 random characters in addition to the prefix. It would be easier for an attacker to iterate over all possible passwords, rather than crudely enforcing the RNG state to determine the next password to be generated.
, , RNG , . RNG, , , . System.Random , . .
, Random "Psuedo-random algorithm", , - . , .
Random
, , , , , : , , .Net framework, ()?
, -, ?
, , . , , !
? - , ? .. ? reset? ? ? ?
6 , - , ? & lt; 6 24 .
, , . , , , , ? 100%!
, Random ( "" , ). , . - , .