C#

C#

By DeepSource

Audit required: Insecurely generated random numberCS-A1008

Security

Random is a pseudo-random number generator, which is an algorithm that produces a sequence of numbers that meet certain statistical requirements for randomness. Because the number generated is not random enough for sensitive operations, consider using RandomNumberGenerator from System.Security.Cryptography namespace instead.

Examples

Bad Practice

var random = new Random();

Recommended

[Flags]
var randomGenerator = RandomNumberGenerator.Create();

Reference