Insufficient Entropy in PRNG

ID: 332
Date: (C)2012-05-14   (M)2017-10-12
Type: weakness
Status: DRAFT
Abstraction Type: Variant





Description

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

Likelihood of Exploit: Medium

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Common Consequences

Scope: Availability
Technical Impact: DoS: crash / exit / restart
Notes: If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash.

Scope: Access_Control, Other
Technical Impact: Bypass protection mechanism, Other
Notes: If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users.
 

Detection Methods
None

Potential Mitigations

Phase: Architecture and Design, Requirements
Strategy: Libraries or Frameworks
Description: Use products or modules that conform to FIPS 140-2 [R.332.1] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

Phase: Implementation
Description: Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices.

Phase: Architecture and Design
Description: When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable.
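
The fail-open and fail-closed consequences above, and the advice to prefer a generator with predictable strength, as an added Python example that is not part of the CWE entry. It measures how much entropy a 128-bit token really carries when the PRNG behind it is seeded from a constructed 16-bit value, next to a wrapper around the OS CSPRNG that raises instead of falling back. The function names and the 16-bit seed size are assumptions for illustration.

```python
import math
import random
import secrets

SEED_BITS = 16  # constructed: seed taken from a 16-bit source (a PID-sized value)

def weak_token(seed: int, nbytes: int = 16) -> bytes:
    """The weakness: a 128-bit token from a PRNG seeded with a low-entropy value."""
    rng = random.Random(seed)  # Mersenne Twister; fully determined by the seed
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")

def effective_entropy_bits(seed_bits: int = SEED_BITS) -> float:
    """Upper bound on token entropy: log2 of the distinct tokens over every seed."""
    distinct = {weak_token(seed) for seed in range(2 ** seed_bits)}
    return math.log2(len(distinct))

def strong_token(nbytes: int = 16) -> bytes:
    """Token drawn from the operating system CSPRNG via the secrets module."""
    return secrets.token_bytes(nbytes)

def token_fail_closed(source=secrets.token_bytes, nbytes: int = 16) -> bytes:
    """Fail closed: if the strong source errors or returns too little data,
    raise. There is deliberately no fallback to random.Random or a time seed,
    because that fallback is the fail-open case described in the entry."""
    try:
        data = source(nbytes)
    except (OSError, NotImplementedError) as exc:
        raise RuntimeError("entropy source unavailable; no token issued") from exc
    if len(data) != nbytes:
        raise RuntimeError("short read from entropy source; no token issued")
    return data

if __name__ == "__main__":
    # The token is 128 bits long, yet it carries no more entropy than its seed.
    print(f"weak token entropy:  {effective_entropy_bits():.1f} bits (token is 128 bits)")
    print(f"strong token sample: {strong_token().hex()}")
    print(f"fail-closed sample:  {token_fail_closed().hex()}")
```

Failing closed trades the predictable-output risk for the availability risk listed under Common Consequences, so the caller has to handle the raised error explicitly.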
 
  

Relationships

Related CWE: CWE-332 ChildOf CWE-905
Type: Category
View: CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: CLASP
Name: Insufficient entropy in PRNG

Taxonomy: CERT Java Secure Coding
Id: MSC02-J
Name: Generate strong random numbers
 
 

References:

  1. Information Technology Laboratory, National Institute of Standards and Technology. SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES. 2001-05-25.

© 2013 SecPod Technologies