Question

我有一个伙伴关系。 NET应用程序依靠Random族生成假肢。它使用以下代码(这是谷歌为SSO提供的一个较大的样本代码的一部分):

    public static class SamlUtility
{
    private static Random random = new Random();

    private static char[] charMapping =  {  a ,  b ,  c ,  d ,  e ,  f ,  g ,  h ,  i ,  j ,  k ,  l ,  m ,  n ,  o ,  p  };

    public static string CreateId()
    {
        byte[] bytes = new byte[20]; // 160 bits

        random.NextBytes(bytes);

        char[] chars = new char[40];

        for (int i = 0; i < bytes.Length; i++)
        {
            int left = (bytes[i] >> 4) & 0x0f;
            int right = bytes[i] & 0x0f;
            chars[i * 2] = charMapping[left];
            chars[i * 2 + 1] = charMapping[right];
        }

        return new string(chars);
    }
}

这通常运作良好,但有时会开始产生一种扼杀。从我能够从欺骗中了解到的情况来看,Random只是停止了随机返回的数量,而是以同样的价值填补了tes。我用一个国际统一私法来掩盖了这一情况,但我对原法典中所发生的事情感到奇怪。我假定某种形式的热带穷竭,但我无法在docs中找到任何参考。而且,每次发生这种情况时,都恢复正确的行为。

任何关于什么错的建议都会受到高度赞赏。

Answer 1

The Random class is not thread-safe.
If you generate random numbers on the same instance on multiple threads at once, its internal state will be corrupted and it will start returning zeroes.

You need to make the Random instance [ThreadStatic] to ensure that each instance is not shared by multiple threads.
Note that initializers for [ThreadStatic] fields will only run once, so you need to check whether it s null every time you use the field and initialize it if necessary.
It would also be a good idea to include both the thread ID and the current time in the seed to prevent seed collisions.

http://msdn.microsoft.com/en-us/library/system.security.codeography.rngcodeoserviceprovider.aspx” rel=“nofollow noreferer”>。

友情链接