RNGCryptoServiceProvider and Zeros?

Walking through some cryptography stuff, I saw that RNGCryptoServiceProvider has 2 methods:

RNGCryptoServiceProvider.GetNonZeroBytes

and

RNGCryptoServiceProvider.GetBytes 

And so I ask:

What is odd about filling an array of bytes with a cryptographically strong sequence of random values, some (0 or more) of which are zeros? (They are random values and apparently there won't be many zeros, and still zero is also a regular number.)

Why did they create the distinction?

Wholesale answered 3/10, 2012 at 7:33 Comment(0)

Within the .NET framework, GetNonZeroBytes(byte[]) is used when generating PKCS#1 padding for RSA encryption, which uses 0x00 as a separator.

Using a tool like Reflector, you can see it used in RSAPKCS1KeyExchangeFormatter.CreateKeyExchange(byte[]) to implement padding as per RFC 2313, section 8.1.2 (RFC 3218 has some nice ASCII art that demonstrates the byte layout more clearly).

GetNonZeroBytes(byte[]) could also be used to generate salt. The Cryptography StackExchange site has a similar question which suggests that avoiding 0x00 is to help with libraries and APIs that may treat the salt as a zero-terminated string, which would accidentally truncate the salt. However, unless one is using P/Invoke, this is unlikely to be a concern in .NET.

Semifinal answered 3/10, 2012 at 8:29 Comment(2)
Salt is just adding difficulty to a rainbow table. It can be done with GetBytes also... right? - Wholesale
Correct, so long as you're sure that none of the places that use or store the salt have a problem with 0x00. If unsure, you could always test it first with some salt that specifically contains 0x00 bytes. - Semifinal
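
The PKCS#1 type 2 layout the answer refers to (00 || 02 || PS || 00 || D), as an added C# example that is not part of the original answer or the .NET source: it builds the block with either generator and parses it the way a receiver does, by taking the first 0x00 after the header as the separator. The names `Pad`, `Unpad` and `RoundTrips` are hypothetical, the payload is constructed, and `RandomNumberGenerator.Create()` is assumed here in place of `RNGCryptoServiceProvider`.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

static class Pkcs1Type2Demo
{
    // EB = 00 || 02 || PS || 00 || D, where k is the modulus length in bytes.
    static byte[] Pad(byte[] data, int k, bool nonZero)
    {
        if (data.Length > k - 11) throw new ArgumentException("data too long");
        byte[] ps = new byte[k - 3 - data.Length];        // always >= 8 bytes
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            if (nonZero) rng.GetNonZeroBytes(ps);         // what the format requires
            else rng.GetBytes(ps);                        // may contain 0x00
        }
        byte[] eb = new byte[k];                          // eb[0] stays 0x00
        eb[1] = 0x02;
        Buffer.BlockCopy(ps, 0, eb, 2, ps.Length);        // eb[2 + ps.Length] stays 0x00
        Buffer.BlockCopy(data, 0, eb, 3 + ps.Length, data.Length);
        return eb;
    }

    // Receiver side: D is everything after the first 0x00 following the header.
    static byte[] Unpad(byte[] eb)
    {
        if (eb[0] != 0x00 || eb[1] != 0x02) throw new CryptographicException("bad header");
        int sep = Array.IndexOf(eb, (byte)0x00, 2);
        if (sep < 10) throw new CryptographicException("PS shorter than 8 bytes");
        return eb.Skip(sep + 1).ToArray();
    }

    static bool RoundTrips(byte[] data, int k, bool nonZero)
    {
        try { return Unpad(Pad(data, k, nonZero)).SequenceEqual(data); }
        catch (CryptographicException) { return false; }
    }

    static void Main()
    {
        byte[] data = { 0xDE, 0xAD, 0xBE, 0xEF };        // constructed sample payload
        const int k = 128, trials = 10000;                // 1024-bit modulus
        foreach (bool nonZero in new[] { true, false })
        {
            int failures = Enumerable.Range(0, trials).Count(_ => !RoundTrips(data, k, nonZero));
            Console.WriteLine($"{(nonZero ? "GetNonZeroBytes" : "GetBytes")}: {failures} of {trials} failed");
        }
    }
}
```

With k = 128 and a 4-byte payload, PS is 121 bytes, so a PS filled by GetBytes contains at least one 0x00 with probability 1 - (255/256)^121, about 38%; each such block either fails the length check or yields the wrong D.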
