Predictable Seed in PRNG| ID: 337 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Base |
Description
A PRNG is initialized from a predictable seed, e.g. using
process ID or system time.
Applicable PlatformsLanguage Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Other | Varies by context | |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| | | Use non-predictable inputs for seed generation. | | |
| Architecture and DesignRequirements | Libraries or Frameworks | Use products or modules that conform to FIPS 140-2 [R.337.1] to avoid
obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random
Number Generators"). | | |
| Implementation | | Use a PRNG that periodically re-seeds itself using input from
high-quality sources, such as hardware devices with high entropy.
However, do not re-seed too frequently, or else the entropy source might
block. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-337 ChildOf CWE-905 | Category | CWE-888 | |
Demonstrative Examples (Details)
- Both of these examples use a statistical PRNG seeded with the
current value of the system clock to generate a random number: (Demonstrative Example Id DX-102)
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| PLOVER | | Predictable Seed in PRNG | |
| CERT Java Secure Coding | MSC02-J | Generate strong random numbers | |
References:
- Information Technology Laboratory, National Institute of
Standards and Technology .SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC
MODULES. 2001-05-25.
- Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 20: Weak Random Numbers." Page 299'. Published on 2010.
