Calling a random number generator (RNG) that is not seeded results in the same sequence of random numbers being generated in different runs of the program.
Suppose an RNG function is called 10 times consecutively to produce a sequence of 10 random numbers. Suppose, also, that this RNG is not seeded. Running the code for the first time produces the sequence S = <r1, r2, r3, r4, r5, r6, r7, r8, r9, r10>. Running the code a second time produces the exact same sequence S. Generally, any subsequent runs of the code will generate the same sequence S.
...
Rule MSC30-C. Do not use the rand() function for generating pseudorandom numbers addresses RNGs from a different perspective, which is the time until the first collision occurs. In other words, it concerns the time interval, during a single run of an RNG, after which the RNG generates the same random numbers. Rule MSC30-C deprecates the rand() function, as it generates numbers that have a comparatively short cycle. The same rule proposes the use of the random() function for POSIX and the CryptGenRandom() function for Windows.
The current rule (MSC32-C) examines these three RNGs in terms of seeding. Noncompliant code examples correspond to the use of an RNG without a seed, while compliant solutions correspond to the same RNG being properly seeded. Rule MSC32-C addresses all three RNGs mentioned in rule MSC30-C for completeness. Rule MSC32-C complies with MSC30-C and does not recommend the use of the rand() function. Nevertheless, if it is unavoidable to use rand(), it should at least be properly seeded.
Noncompliant Code Example
...
Although the rand() function is now properly seeded, this solution is still noncompliant because the numbers generated by rand() have a comparatively short cycle, and the numbers may be predictable (see MSC30-C. Do not use the rand() function for generating pseudorandom numbers).
...
This noncompliant code example generates a sequence of 10 pseudorandom numbers using the random() function. When random() is not seeded, it behaves like rand(), and thus produces the same sequence of random numbers at different calls.
...
In the previous examples, seeding in rand() and random() is done using the time() function, which returns the current time calculated as the number of seconds that have passed since 01/01/1970. Depending on the application and the desirable level of security, a programmer may choose alternative ways to seed RNGs. In general, hardware is more capable of generating real random numbers (for example, by sampling the thermal noise of a diode to generate a sequence of bits and using this as a seed).
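The following is an added example, not one of the rule's own code samples. It models separate program runs inside one process by reseeding random(), and checks three things: an unseeded random() matches srandom(1) (as POSIX specifies), two runs seeded from the same time() second repeat each other, and runs one second apart do not. The helper names (run_with_seed, same_sequence, unseeded_equals_seed_1) are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600   /* expose random()/srandom() under strict -std modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define N 10

/* Draw N numbers from random() in whatever state the generator is in. */
static void draw(long out[N]) {
    for (int i = 0; i < N; i++)
        out[i] = random();
}

/* Model one program run that seeds with `seed` and then draws N numbers. */
static void run_with_seed(unsigned int seed, long out[N]) {
    srandom(seed);
    draw(out);
}

/* Return 1 if two runs seeded with a and b produce the same sequence. */
static int same_sequence(unsigned int a, unsigned int b) {
    long s1[N], s2[N];
    run_with_seed(a, s1);
    run_with_seed(b, s2);
    return memcmp(s1, s2, sizeof s1) == 0;
}

/* Must be called before any srandom(): POSIX specifies that an unseeded
 * random() yields the sequence that srandom(1) would. Returns 1 if so. */
static int unseeded_equals_seed_1(void) {
    long unseeded[N], seeded[N];
    draw(unseeded);
    run_with_seed(1, seeded);
    return memcmp(unseeded, seeded, sizeof seeded) == 0;
}

int main(void) {
    unsigned int t = (unsigned int)time(NULL);   /* one-second granularity */
    printf("unseeded == srandom(1):      %d\n", unseeded_equals_seed_1());
    printf("two runs in the same second: %d\n", same_sequence(t, t));
    printf("runs one second apart:       %d\n", same_sequence(t, t + 1));
    return 0;
}
```

Because time() changes only once per second, every process started within the same second receives the same seed, which is one reason to consider the alternative seed sources mentioned above.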
...