Use of insecure random number
13
14 // CS-A1008: Insecurely generated random number.
15 // https://deepsource.io/directory/analyzers/csharp/issues/CS-A1008
16 var randomNum = new Random();17 }
18
19 // CS-A1000: Use `System.URI` where possible.
Description
Random
is a pseudo-random number generator, which is an algorithm that produces a sequence of numbers that meet certain statistical requirements for randomness. Because the number generated is not random enough for sensitive operations, consider using RandomNumberGenerator
from System.Security.Cryptography
namespace instead.
Bad Practice
var random = new Random();
Recommended
var randomGenerator = RandomNumberGenerator.Create();