...
The following noncompliant code generates an ID with a numeric part produced by calling the rand() function. The IDs produced are predictable and have limited randomness.
| Code Block |
|---|
|
enum {len = 12};
char id[len]; /* id will hold the ID, starting with
* the characters "ID" followed by a
* random integer */
int r;
int num;
/* ... */
r = rand(); /* generate a random integer */
num = snprintf(id, len, "ID%-d", r); /* generate the ID */
/* ... */
|
...
In this compliant solution, a better pseudorandom number generator is the random() function. While the low-dozen bits generated by rand() go through a cyclical pattern, all the bits generated by random() are usable.
| Code Block |
|---|
|
enum {len = 12};
char id[len]; /* id will hold the ID, starting with
* the characters "ID" followed by a
* random integer */
int r;
int num;
/* ... */
time_t now = time(NULL);
if (now == (time_t) -1) {
/* handle error */
}
srandom(now); /* seed the PRNG with the current time */
/* ... */
r = random(); /* generate a random integer */
num = snprintf(id, len, "ID%-d", r); /* generate the ID */
/* ... */
|
...
| Wiki Markup |
|---|
If an application has access to a good random source, it can fill the {{pbBuffer}} buffer with some random data before calling {{CryptGenRandom()}}. The CSP \[cryptographic service provider\] then uses this data to further randomize its internal seed. It is acceptable to omit the step of initializing the {{pbBuffer}} buffer before calling {{CryptGenRandom()}}. |
| Code Block |
|---|
|
#include<Wincrypt.h>
HCRYPTPROV hCryptProv;
union {
BYTE bs[sizeof(long int)];
long int li;
} rand_buf;
if (!CryptGenRandom(hCryptProv, sizeof(rand_buf), &rand_buf) {
/* Handle error */
} else {
printf("Random number: %ld\n", rand_buf.li);
}
|
...
