...

The rand48 family of functions provides another pseudo-random alternative.

#include <stdio.h>

unsigned long int li;
FILE* fd;

if (!(fd = fopen("/dev/random", "r"))) {
   /* Handle error condition */
}

/* fread() returns the number of items read (1 here), not the byte count */
if (fread(&li, sizeof(li), 1, fd) != 1) {
   /* Handle error condition */
}

fclose(fd);

printf("Random number: %lu\n", li);

Compliant Solution (Windows)

...

If an application has access to a good random source, it can fill the pbBuffer buffer with some random data before calling CryptGenRandom(). The CSP then uses this data to further randomize its internal seed. It is acceptable to omit the step of initializing the pbBuffer buffer before calling CryptGenRandom().

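#include <windows.h>
#include <wincrypt.h>
#include <stdio.h>

HCRYPTPROV hCryptProv;
union {
    BYTE bs[sizeof(long int)];
    long int li;
} rand_buf;

/* Acquire a provider handle before use; no persistent key container is needed */
if (!CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
    /* Handle error */
}

if (!CryptGenRandom(hCryptProv, sizeof(rand_buf), rand_buf.bs)) {
    /* Handle error */
} else {
    printf("Random number: %ld\n", rand_buf.li);
}

CryptReleaseContext(hCryptProv, 0);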

Risk Assessment

Using the rand() function may produce predictable random numbers.

...