I'm wondering whether it's okay just to instantiate a single, global
AutoSeededRandomPool in your application that is used by all the
various crypto algorithms or whether it's better to instantiate a new
AutoSeededRandomPool every time you need it (such as one for creating a
random nonce and another one when calling RSA's Encrypt() method).
Soren
A GlobalPRNG should be fine. Unless of course design requirements
dictate each thread receive it's own PRNG, etc.
I actually prefer the Global method since ASRP uses OS entropy to seed
itself (on Windows). I think it is possible to go to the well once to
often when using the underlying OS function. That is, a per thread or
per needed may tax the systems ability to deliver psuedo random bytes.
Jeff
I suggest one instance per thread so you don't have to worry about
synchronizing access to it. One instance per use is fine also if that
is more convenient. The extra system overhead is probably unnoticeable
in most situations.