A dead-simple, cryptographically secure random byte generator for C++.

Random++ gives you two things: secure random bytes and safe memory erasure. It uses your operating system's built-in cryptographic random source -- no external crypto libraries needed, no configuration, no fuss.

• Cryptographically secure -- uses OS-native entropy sources (not pseudo-random)
• Cross-platform -- Windows, Linux, macOS, BSD, and Emscripten (WebAssembly)
• Secure memory erasure -- safely zeros sensitive data so it doesn't linger in memory
• Tiny API -- just two functions
• Clean C++ interface -- everything lives in the randompp namespace
• No external dependencies -- leverages what the OS already provides
• Security hardened -- compiled with stack protection, control-flow guards, RELRO, and more

• CMake 3.10+
• A C++17-capable compiler (GCC, Clang, or MSVC)

mkdir build && cd build
cmake ..
cmake --build .

add_subdirectory(randompp)
target_link_libraries(your_target PRIVATE randompp)

#include <randompp.hpp>
#include <cstdint>
#include <cstdio>

int main()
{
    uint8_t key[32];

    // Fill the buffer with 32 cryptographically secure random bytes
    if (randompp::random_bytes(sizeof(key), key) != 0)
    {
        fprintf(stderr, "Failed to generate random bytes\n");
        return 1;
    }

    // Use the key for something...

    // Securely wipe it from memory when done
    randompp::secure_erase(sizeof(key), key);

    return 0;
}

int randompp::random_bytes(size_t length, void *pointer);

Fills a buffer with cryptographically secure random bytes.

• length -- number of bytes to generate
• pointer -- buffer to write into (must be at least length bytes)
• Returns 0 on success, -1 on failure

void randompp::secure_erase(size_t length, void *pointer);

Securely zeros a region of memory, preventing the compiler from optimizing the operation away.

• length -- number of bytes to zero
• pointer -- start of the memory region to erase

BSD 3-Clause. See LICENSE for details.