Pseudorandom number generators use mathematical algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random.
The C Standard rand()
function, exposed through the C++ standard library through <cstdlib>
as std::rand()
, makes no guarantees as to the quality of the random sequence produced. The numbers generated by some implementations of std::rand()
have a comparatively short cycle, and the numbers can be predictable. Applications that have strong pseudorandom number requirements must use a generator that is known to be sufficient for their needs.
Noncompliant Code Example
The following noncompliant code generates an ID with a numeric part produced by calling the rand()
function. The IDs produced are predictable and have limited randomness. Further, depending on the value of RAND_MAX
, the resulting value can have modulo bias.
#include <cstdlib> #include <string> void f() { std::string id("ID"); // Holds the ID, starting with the characters "ID" followed // by a random integer in the range [0-10000]. id += std::to_string(std::rand() % 10000); // ... }
Compliant Solution
The C++ standard library provides mechanisms for fine-grained control over pseudorandom number generation. It breaks number generation down into two parts: one part is the algorithm responsible for providing random values (the engine), and the other is responsible for distribution of the random values via a density function (the distribution). The distribution object is not strictly required, but it works to ensure that values are properly distributed within a given range instead of improperly distributed due to bias issues. This compliant solution uses the Mersenne Twister algorithm as the engine for generating random values and a uniform distribution to negate the modulo bias from the noncompliant code example:
#include <random> #include <string> void f() { std::string id("ID"); // Holds the ID, starting with the characters "ID" followed // by a random integer in the range [0-10000]. std::uniform_int_distribution<int> distribution(0, 10000); std::random_device rd; std::mt19937 engine(rd()); id += std::to_string(distribution(engine)); // ... }
Note that this compliant solution also seeds the random number engine, in conformance with MSC51-CPP. Ensure your random number generator is properly seeded.
Risk Assessment
Using std::rand()
function could lead to predictable random numbers.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC50-CPP | Medium | Unlikely | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Clang | 4.0 (prerelease) | cert-msc50-cpp | Checked by clang-tidy |
CodeSonar | 8.1p0 | BADFUNC.RANDOM.RAND | Use of rand |
|
|
| |
1.2 | CC2.MSC30 | Fully implemented | |
Unable to render {include} The included page could not be found. |
|
| |
LDRA tool suite | 9.7.1
| 44 S | Enhanced Enforcement |
Parasoft C/C++test | 9.5 | SECURITY-02 | |
PRQA QA-C++ | 4.4 | Warncall -wc rand | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | MSC51-CPP. Ensure your random number generator is properly seeded |
SEI CERT C Coding Standard | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
CERT Oracle Secure Coding Standard for Java | MSC02-J. Generate strong random numbers |
MITRE CWE | CWE-327, Use of a Broken or Risky Cryptographic Algorithm CWE-330, Use of Insufficiently Random Values |
Bibliography
[ISO/IEC 9899:2011] | Subclause 7.22.2, "Pseudo-random Sequence Generation Functions" |
[ISO/IEC 14882-2014] | Subclause 26.5, "Random Number Generation" |