C#

C#

By DeepSource

Audit required: Insecurely generated random number CS-A1008

Security

Random is a pseudo-random number generator, which is an algorithm that produces a sequence of numbers that meet certain statistical requirements for randomness. Because the number generated is not random enough for sensitive operations, consider using RandomNumberGenerator from System.Security.Cryptography namespace instead.

Examples

Bad Practice

var random = new Random();

Recommended

[Flags]
var randomGenerator = RandomNumberGenerator.Create();

Reference