SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 66

changes.mady.by.user vishal patel

Saved on

compared with

New Version 67

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot (vkp)

...

Wiki Markup
On Windows platforms, the [{{CryptGenRandom()}}|http://msdn2.microsoft.com/en-us/library/aa379942.aspx] function may be used to generate cryptographically strong random numbers.  Note that the exact details of the implementation are unknown including, for example,  what source of entropy {{CryptGenRandom()}} uses.  From the Microsoft Developer Network {{CryptGenRandom()}} reference \[[MSDN|AA. References#MSDNBibliography#MSDN]\]:

Wiki Markup
If an application has access to a good random source, it can fill the {{pbBuffer}} buffer with some random data before calling {{CryptGenRandom()}}. The CSP \[cryptographic service provider\] then uses this data to further randomize its internal seed. It is acceptable to omit the step of initializing the {{pbBuffer}} buffer before calling {{CryptGenRandom()}}.

...

Wiki Markup
\[[ISO/IEC 9899:1999|AA. References#ISOBibliography#ISO/IEC 9899-1999]\] Section 7.20.2.1, "The rand function"
\[[MITRE 07|AA. References#MITREBibliography#MITRE 07]\] [CWE ID 327|http://cwe.mitre.org/data/definitions/327.html], "Use of a Broken or Risky Cryptographic Algorithm," [CWE ID 330|http://cwe.mitre.org/data/definitions/330.html], "Use of Insufficiently Random Values"
\[[MSDN|AA. References#MSDNBibliography#MSDN]\] "[CryptGenRandom Function|http://msdn.microsoft.com/en-us/library/aa379942.aspx]"

...