include::../summary.adoc[]

== Why is this an issue?

include::../rationale.adoc[]

include::../impact.adoc[]

// How to fix it section

include::how-to-fix-it/java-se.adoc[]

== Resources

include::../common/resources/docs.adoc[]

include::../common/resources/articles.adoc[]

include::../common/resources/presentations.adoc[]

include::../common/resources/standards.adoc[]


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

=== is related to: S2245

=== on 22 Oct 2020, 10:37:32 Alexandre Gigleux wrote:
This rule should be made more generic and at minimum be supported by C#.

I would rename it "Pseudo-Random Number Generator (PRNG) seeds should not be predictable".


The test cases from the SARD Juliet Suite (\https://samate.nist.gov/SARD/testsuite.php) should be used as a reference to know what should be detected or not: CWE336_Same_Seed_in_PRNG

=== on 3 Nov 2020, 11:31:26 Pavel Mikula wrote:
This rule is not relevant for .NET. ``++System.Random++`` can have seed, but should not be used for cryptography as RSPEC-2245 defines. Security-related APIs like ``++RandomNumberGenerator++`` or ``++RNGCryptoServiceProvider++`` don't have a way to set seed (for obvious reasons).

endif::env-github,rspecator-view[]