gpt4 book ai didi

c++ - 为什么 CWE 认为 rand() 具有潜在危险

转载 作者:行者123 更新时间:2023-11-30 01:36:18 25 4
gpt4 key购买 nike

我一直在使用 rand() 函数来生成随机数。当我通过 CWE 检查工具检查我的代码时,它认为 rand() 是一个潜在的危险函数,并建议使用加密库。任何人都可以详细说明吗?生成随机数的最佳和安全替代方法是什么

最佳答案

根据 https://en.cppreference.com/w/cpp/numeric/random/rand :

There are no guarantees as to the quality of the random sequence produced. In the past, some implementations of rand() have had serious shortcomings in the randomness, distribution and period of the sequence produced (in one well-known example, the low-order bit simply alternated between 1 and 0 between calls).

rand() is not recommended for serious random-number generation needs. It is recommended to use C++11's random number generation facilities to replace rand(). (since C++11)

关于c++ - 为什么 CWE 认为 rand() 具有潜在危险,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52454172/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com