Runtime: RNGCryptoServiceProvider offers unappropriate API
The RNGCryptoServiceProvider should have an API that provides all the convenience methods of the standard Random class. It looks ridiculous having an example code snippet that is 34 lines longer than necessary.
If there were a decorator class providing the NextInt functions for rolling a dice or selecting a random element from an array or collection, many of the Stack Overflow answers could be written with a reasonable amount of code. As it is now, there is actual danger of people using the secure random number generator and then forgetting about the bias, just because they don't want to copy and paste the boilerplate code from this example.
This boilerplate code should be implemented exactly once, in the .NET standard library, and not millions of times by inexperienced programmers in a hurry of meeting a deadline.
References:
rillig
All 5 comments
GetInt32 was added to System.Security.Cryptography.RandomNumberGenerator and will be available in .NET Core 3 and .NET Standard 2.1. Does this provide the solution you were looking for?
vcsjones
on 23 Jul 2019
Partly. The documentation is still bloated. The documentation still needs to be adjusted to use this shiny new API. Having bloated code in the API documentation makes the API team look bad for no reason.
rillig
on 24 Jul 2019
@bartonjs is going through our API docs I believe.
danmosemsft
on 24 Jul 2019
But @rillig you can just offer a PR : https://github.com/dotnet/dotnet-api-docs/blob/master/xml/System.Security.Cryptography/RNGCryptoServiceProvider.xml
danmosemsft
on 24 Jul 2019
@danmosemsft Thanks for the offer, but no. It's Microsoft's job to fix the documentation. And I don't write C#, Visual Basic and F# and assembly fluently to correct all of them. I strongly believe that these example snippets are all generated from a common template, otherwise this job would be really frustratingly boring and error-prone, and I cannot believe Microsoft is living _that far_ in the past.
rillig
on 25 Jul 2019
Related issues
btecu
路
3Comments
noahfalk
路
3Comments
omajid
路
3Comments
bencz
路
3Comments
v0l
路
3Comments
Most helpful comment
@danmosemsft Thanks for the offer, but no. It's Microsoft's job to fix the documentation. And I don't write C#, Visual Basic and F# and assembly fluently to correct all of them. I strongly believe that these example snippets are all generated from a common template, otherwise this job would be really frustratingly boring and error-prone, and I cannot believe Microsoft is living _that far_ in the past.