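1. Problem description
![image](https://user-images.githubusercontent.com/50074510/142797114-4b83ae35-43c4-4215-ad70-587fdfb6d6af.png)
Initializing the rand family of functions with srand() can also introduce logic vulnerabilities, as in the following example:
If this random number is used to generate verification codes, the generated random numbers may be identical, so multiple verification codes come out the same, which results in a logic vulnerability.
Moreover, rand itself is not very random, so the function can simply be banned.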
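2. Suggested fix
The libsodium library provides a set of functions for generating unpredictable data. Its random number generation functions can be used to produce secure random numbers,
as in this example (copied from the web, not verified):

```c
#include <sodium.h>

int foo(void) {
    unsigned char myString[32];
    int myInt;

    /* libsodium must be initialized before any other call; -1 means failure */
    if (sodium_init() < 0) {
        return -1;
    }
    randombytes_buf(myString, sizeof myString);
    /* myString now holds 32 random bytes (not a NUL-terminated string) */
    myInt = (int)randombytes_uniform(10);
    /* myInt will be a random number between 0 and 9 */
    return myInt;
}
```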
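The collision described in the issue, next to a hardened generator, as an added example that is not part of the original issue or the project's code. The names `weak_code`, `strong_code` and `CODE_SPACE` are hypothetical, and the hardened path assumes a Unix-like system with `/dev/urandom`, using the OS CSPRNG with rejection sampling in place of libsodium so the block has no external dependency.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

#define CODE_SPACE 1000000u /* six-digit verification code: 000000..999999 */

/* Weak pattern: reseed rand() from the clock for every request.
 * `now` stands in for time(NULL) so the collision is reproducible. */
unsigned weak_code(time_t now) {
    srand((unsigned)now);
    return (unsigned)rand() % CODE_SPACE;
}

/* Hardened: draw 32 bits from the kernel CSPRNG and reject values that
 * would bias the modulo. Returns 0 on success, -1 if the source fails. */
int strong_code(unsigned *out) {
    /* Largest multiple of CODE_SPACE that fits below UINT32_MAX. */
    const uint32_t limit = UINT32_MAX - (UINT32_MAX % CODE_SPACE);
    uint32_t r;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL) return -1;
    do {
        if (fread(&r, sizeof r, 1, f) != 1) { fclose(f); return -1; }
    } while (r >= limit);
    fclose(f);
    *out = r % CODE_SPACE;
    return 0;
}

int main(void) {
    time_t now = time(NULL);
    unsigned a = weak_code(now), b = weak_code(now), s1 = 0, s2 = 0;
    /* Two requests in the same second get the same seed and the same code. */
    printf("weak, same second:   %06u %06u\n", a, b);
    if (strong_code(&s1) != 0 || strong_code(&s2) != 0) return 1;
    printf("strong, same second: %06u %06u\n", s1, s2);
    return 0;
}
```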