Random Numbers
「 Overview 」
Recommended 「 In Order 」
CSPRNG
The cryptographically secure pseudorandom number generator
in your programming language or cryptographic library.
These should use the operating system’s CSPRNG.
For example, RNGCryptoServiceProvider in C#.
Fast Key Erasure
On Embedded Systems
This should be a last resort because it’s hard to erase keys properly.
A lot can go wrong if you don’t know what you’re doing.
Here’s an example ChaCha20 RNG implementation.
Avoid 「 Unordered | All Unsuitable 」
Non-CSPRNG
Non-cryptographically secure pseudo random number generator
For example:
| JavaScript | Math.random() |
| Java | Random() |
| C# | Random.Next() |
These are not secure and should not be used for anything related to security.
Custom RNGs
These are likely going to be insecure because
it’s harder to do, properly, than you’d think.
Just trust the operating system’s CSPRNG.