Appears it is indeed threadsafe. 100 threads, 1000 bytes per thread gives
the results below. The histogram of nibbles from the random stream seems
fairly well distributed. Note that this doesn't check as thoroughly as
http://csrc.nist.gov/groups/ST/toolkit/rng/stats_tests.html but work for our
needs for now.

 

Quick and dirty test code at
https://github.com/sidshetye/BouncyRngThreadSafety 

 

----------------------------------------

HISTOGRAM

Nibble  BinCnt  Delta from expected

   0    12468   0.02 % =========

   1    12555   0.03 % ================

   2    12577   0.04 % =======================

   3    12428   0.04 % =====================

   4    12488   0.01 % ====

   5    12463   0.02 % ===========

   6    12463   0.02 % ===========

   7    12364   0.07 % ========================================

   8    12487   0.01 % ====

   9    12570   0.04 % =====================

   A    12485   0.01 % ====

   B    12390   0.06 % ================================

   C    12584   0.04 % =========================

   D    12554   0.03 % ================

   E    12570   0.04 % =====================

   F    12554   0.03 % ================

Expected bin count is 12500

Bin standard deviation is 66.9449400627112

Test PASSED

Press any key to continue or hit escape to quit ...

 

 

From: Sid Shetye [mailto:sid...@outlook.com] 
Sent: Monday, June 23, 2014 10:09 PM
To: 'Bouncy Castle Developer List'
Subject: [dev-crypto-csharp] Is the SecureRandom class thread safe?

 

Within the BouncyCastle.Security namespace, there lives the SecureRandom
class. Is it thread-safe in its crypto-random assurances?

 

i.e. If I had 100 threads drawing random bytes out of a single instance of
that class (created for example via SecureRandom.GetInstance("SHA256PRNG"))
would it actually pull random bytes in an overall crypto-random manner? Or
will it trip over and (example) keep supplying the same "random" byte to
multiple threads due to lack of thread safety?

 

If yes but this behavior was recently changed, would appreciate that tip
too!

 

Thanks

Reply via email to