ASVS Requirement 11.5.1

• Level: 2
• Chapter: V11 Cryptography
• Section: V11.5 Random Values
• Source: 0x20-V11-Cryptography.md

Description

Verify that all random numbers and strings which are intended to be non-guessable must be generated using a cryptographically secure pseudo-random number generator (CSPRNG) and have at least 128 bits of entropy. Note that UUIDs do not respect this condition.