
Is it acceptable to use rand() for cryptographically insecure random numbers?

Tags: c, random

Is it acceptable to use the C standard library's rand() function for random numbers that do not have to be cryptographically secure? If so, are there still better choices? If not, what should be used?

Of course, I assume the usual caveats about skew apply.

Gavin D. Howard asked Dec 05 '22 09:12


1 Answer

rand() suffers from some serious drawbacks.

  1. There is no guarantee on the quality of the random number. This will vary from implementation to implementation.
  2. The shared state used by different calls to rand is not guaranteed to be thread safe.

As for POSIX C alternatives, there is random and random_r. OpenSSL provides more advanced ways of generating random numbers.

The C++ (C++11 and later) library also provides a number of random number functions if including C++ in your project is an option.

doron answered Jan 18 '23 17:01
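An added example, not part of the answer above: a generator with caller-owned state built on random_r, so no state is shared between threads, plus a bounded draw that rejects the values responsible for the modulo skew mentioned in the question. It assumes glibc, where random_r and initstate_r are available; struct prng, prng_init and prng_below are hypothetical names chosen for this sketch.

```c
#define _DEFAULT_SOURCE            /* exposes random_r/initstate_r in glibc */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Caller-owned generator (hypothetical type). Keep one per thread and do not
 * copy it by value: random_data holds pointers into statebuf. */
struct prng {
    struct random_data data;
    int32_t statebuf[32];          /* 128 bytes of generator state */
};

/* Seed one generator. Returns 0 on success, -1 on failure. */
int prng_init(struct prng *g, unsigned int seed)
{
    memset(g, 0, sizeof *g);       /* glibc expects a zeroed random_data */
    return initstate_r(seed, (char *)g->statebuf, sizeof g->statebuf, &g->data);
}

/* Uniform value in [0, n) for 1 <= n <= 2^31; returns 0 for invalid n.
 * random_r yields values in [0, 2^31 - 1]. Draws at or above the largest
 * multiple of n are discarded, so every residue is equally likely. */
uint32_t prng_below(struct prng *g, uint32_t n)
{
    const uint32_t span = UINT32_C(1) << 31;   /* count of possible outputs */
    int32_t r;

    if (n == 0 || n > span)
        return 0;
    const uint32_t limit = span - (span % n);  /* largest multiple of n */
    do {
        random_r(&g->data, &r);
    } while ((uint32_t)r >= limit);
    return (uint32_t)r % n;
}

int main(void)
{
    struct prng g;
    if (prng_init(&g, 2024u) != 0)   /* constructed seed for the demo */
        return 1;
    for (int i = 0; i < 5; i++)
        printf("%u\n", (unsigned)prng_below(&g, 6));  /* values in 0..5 */
    return 0;
}
```

The output is reproducible from the seed, which suits simulations and tests only; for keys, tokens or nonces use the OpenSSL route the answer mentions.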