I would like to generate a salt using a secure PRNG. I've read that the newest and recommended way to achieve this is to create a RandomNumberGenerator instance to GetBytes. However, I am not so sure which way should I follow:
// CODE 1
private static byte[] GenerateSaltNewInstance(int size)
{
using (var generator = RandomNumberGenerator.Create())
{
var salt = new byte[size];
generator.GetBytes(salt);
return salt;
}
}
// CODE 2
private static RandomNumberGenerator rng = RandomNumberGenerator.Create();
private static byte[] GenerateSaltStatic(int size)
{
var salt = new byte[size];
rng.GetBytes(salt);
return salt;
}
What is the difference? Basically in the first version of this method I am creating a new instance of RandomNumberGenerator every time. In the second one I am using a static instance initialized once.
Which one should I choose? In articles I see people following the first path, but I don't feel why it would be a better idea to create RandomNumberGenerator 10000 times :P
Aucun commentaire:
Enregistrer un commentaire