include::../description.adoc[]

As the ``++System.Random++`` class relies on a non-cryptographic pseudorandom number generator, it should not be used for security-critical applications or for protecting sensitive data. In such context, the ``++System.Cryptography.RandomNumberGenerator++`` class which relies on a CSPRNG should be used in place.

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
var random = new Random(); // Sensitive use of Random
byte[] data = new byte[16];
random.NextBytes(data);
return BitConverter.ToString(data); // Check if this value is used for hashing or encryption
----

== Compliant Solution

[source,csharp]
----
using System.Security.Cryptography;
...
var randomGenerator = RandomNumberGenerator.Create();
byte[] data = new byte[16];
randomGenerator.GetBytes(data);
return BitConverter.ToString(data);
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]