...
The rand48 family of functions provides another alternative.
Note. These pseudorandom number generators use mathematical algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random. For true randomness, Linux users can use the character devices /dev/random or /dev/urandom, but it is advisable to retrieve only a small number of characters from these devices. (The device /dev/random may block for a long time if there are not enough events going on to generate sufficient randomness; /dev/urandom does not block.)
Risk Assessment
Using the rand function may lead to programming problems (for example, non-unique unique IDs) or weak cryptography.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC30-C | 1 (low) | 1 (low) | 1 (high) | P1 | L3 |
References
- ISO/IEC 9899-1999 Section 7.20.
...
- 2.1, "The rand function"