Avoid pseudo-random numbers

Metadata

ID: csharp-security/no-pseudo-random

Language: C#

Severity: Notice

Category: Security

Description

Avoid pseudo-random generator as they generate numbers that are easy to guess. Prefer more secure, cryptographic-friendly random generators.

Learn More

Non-Compliant Code Examples

class MyClass {
    public static void routine()
    {
        var random = new Random();
    }
}

Compliant Code Examples

using System.Security.Cryptography;

class MyClass {
    public static void routine()
    {
        var random = RandomNumberGenerator.Create();
        byte[] randomData = new byte[4];
        randomGenerator.GetBytes(randomData);
    }
}