henningw left a comment (kamailio/kamailio#4458)
> ```
> CID 638428: Security best practices violations (DC.WEAK_CRYPTO)
> "rand" should not be used for security-related applications, because linear
> congruential algorithms are too easy to break.
> 486 idx = rand() % replica_list.count;
> ```
>
> What should I use instead of rand()?
If its not security related, its fine to use rand() as Daniel mentioned. If you
want to get a strong pseudo random number, which is not used for cryptographic
purposes, you can use fastrand() from core. For cryptographic purposes there is
also cryptorand().
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/4458#issuecomment-3486137819
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/4458/[email protected]>
_______________________________________________
Kamailio - Development Mailing List -- [email protected]
To unsubscribe send an email to [email protected]
Important: keep the mailing list in the recipients, do not reply only to the
sender!
