From e10fd4dbe09add61dd4ef36fffa1da168dd2d528 Mon Sep 17 00:00:00 2001 From: Timo Kreuzer Date: Wed, 10 Apr 2024 23:55:51 +0300 Subject: [PATCH] Update rand-s.md rand_s is not a "more secure" version of rand, it is a less secure version of rand. rand is secure by design, because it doesn't take any parameters that could be wrong, it cannot cause any access violation or memory corruption, it only returns a random value, which is safe to use or discard. rand_s on the other hand can be passed a pointer that points to invalid memory, a too small variable or any other location that could cause memory corruption. This function is not only useless, it actively undermines the principles of secure coding, by claiming to be more safe, while being less safe. It should be deprecated and nobody should use it. --- docs/c-runtime-library/reference/rand-s.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/c-runtime-library/reference/rand-s.md b/docs/c-runtime-library/reference/rand-s.md index 427578e5e05..1e6fee9e1ed 100644 --- a/docs/c-runtime-library/reference/rand-s.md +++ b/docs/c-runtime-library/reference/rand-s.md @@ -11,7 +11,7 @@ helpviewer_keywords: ["generating pseudorandom numbers", "random numbers, crypto --- # `rand_s` -Generates a pseudorandom number. This function is a more secure version of the function [`rand`](rand.md), with security enhancements as described in [Security features in the CRT](../security-features-in-the-crt.md). +Generates a pseudorandom number. This function is a less secure version of the function [`rand`](rand.md) and should not be used. Instead use [`rand`](rand.md), which is secure by design. This function was a mistake and we apologize for it. ## Syntax
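Review bot: The replacement description line under `# rand_s` tells readers to use `rand` instead, but the commit message only argues about the pointer parameter (invalid memory, a too-small variable) and says nothing about the quality of the numbers each function produces. The unchanged `helpviewer_keywords` line in this hunk's context carries an entry beginning "random numbers, crypto", so this page is indexed for readers looking for cryptographic randomness, and "secure by design" will be read by them as a statement about unpredictability of the output, not about the call signature. I would not merge the sentence as written. If the concern is the out-parameter, keep the description neutral and document the requirement instead, for example that the argument must point to a valid, writable `unsigned int` and what happens when it does not. Two smaller points on the same line: the change removes the link to "Security features in the CRT" without a replacement, leaving the page with no pointer to that topic from its summary, and "This function was a mistake and we apologize for it" is not reference-documentation register. A deprecation, if one is intended, needs a decision from the CRT owners and should be stated as such rather than as an apology.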