C#: Update insecure randomness query description to match implementation

2026-04-26 01:05:15 +02:00 · 2023-11-17 08:48:38 +01:00
parent 93eaeaec75
commit 9a8ad7d590
1 changed files with 1 additions and 9 deletions
--- a/Features/InsecureRandomness.qhelp
+++ b/Features/InsecureRandomness.qhelp
@@ -29,11 +29,6 @@ number generator. <code>Random</code> is not cryptographically secure, and shoul
 security contexts. For contexts which are not security sensitive, <code>Random</code> may be
 preferable as it has a more convenient interface, and is likely to be faster.
 </p>
-<p>
-For the specific use-case of generating passwords, consider
-<code>System.Web.Security.Membership.GeneratePassword</code>, which provides a cryptographically
-secure method of generating random passwords.
-</p>

 </recommendation>

@@ -54,10 +49,7 @@ purpose. In this case, it is much harder to predict the generated integers.
 </p>
 <p>
 In the final example, the password is generated using the <code>Membership.GeneratePassword</code>
-library method, which uses a cryptographically secure random number generator to generate a random
-series of characters. This method should be preferred when generating passwords, if possible, as it
-avoids potential pitfalls when converting the output of a random number generator (usually an int or
-a byte) to a series of permitted characters.
+library method, which generates a password with a bias, therefore should be avoided.
 </p>
 <sample src="InsecureRandomness.cs" />