I was wondering if there's a difference in security between the following:
CASE A:
byte[] data = new byte[47];
using(RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider())
{
crypto.GetBytes(data);
}
CASE B:
byte[] data = new byte[47];
using(RNGCryptoServiceProvider crypto = new RNGCryptoServiceProvider())
{
for(int i = 0; i < 47; i++)
{
byte[] byte = new byte[1];
crypto.GetBytes(byte);
data[i] = byte;
}
}
I was wondering because I was inspired by the example of MSDN. Which basically checks whether the byte received was fair due to the unfair distribution of using modulo on a limited value. (I was building a random string generator and I don't want to give the characters early in the alphabet the advantage of an unfair distribution)
So basically my question is, is there a difference in security whether I loop "GetBytes" to get N bytes (case b), or use "GetBytes" directly to get N bytes (case a).
Thank you for your time
No, there isn't. The bytes are generated the same way no matter whichever way you get them.