include::../description.adoc[]
As the ``++System.Random++`` class relies on a non-cryptographic pseudorandom number generator, it should not be used for security-critical applications or for protecting sensitive data. In such contexts, the ``++System.Security.Cryptography.RandomNumberGenerator++`` class, which relies on a cryptographically secure pseudorandom number generator (CSPRNG), should be used instead.
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
[source,csharp]
----
var random = new Random(); // Sensitive use of Random
byte[] data = new byte[16];
random.NextBytes(data);
return BitConverter.ToString(data); // Check if this value is used for hashing or encryption
----
== Compliant Solution
[source,csharp]
----
using System.Security.Cryptography;
...
var randomGenerator = RandomNumberGenerator.Create();
byte[] data = new byte[16];
randomGenerator.GetBytes(data);
return BitConverter.ToString(data);
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]