Predictable Value Range from Previous Values
ID: 343 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The software's random number generator produces a series of
values which, when observed, can be used to infer a relatively small range of
possibilities for the next value that could be generated.
Extended Description
The output of a random number generator should not be predictable based on
observations of previous values. In some cases, an attacker cannot predict
the exact value that will be produced next, but can narrow down the
possibilities significantly. This reduces the effort needed to perform a
brute force attack. For example, suppose the product generates random
numbers between 1 and 100, but each value is always larger than the previous one until it
reaches 100. If the generator produces an 80, then the attacker knows that
the next value will be somewhere between 81 and 100. Instead of 100
possibilities, the attacker only needs to consider 20.
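The narrowing described above, as an added example that is not part of the original entry: `IncreasingGenerator` is a constructed model of the flawed 1-to-100 generator, and `candidates_after`, `secure_next` and `increasing_fraction` are hypothetical helper names. It sets the weak generator beside a draw from the OS CSPRNG and gives a simple check to run over observed outputs.

```python
import random
import secrets

LOW, HIGH = 1, 100  # output range used in the description above

class IncreasingGenerator:
    """Constructed weak generator: every output exceeds the previous one
    until 100 is reached, then the sequence starts over."""
    def __init__(self, seed=None):
        self._rng = random.Random(seed)
        self._last = LOW - 1

    def next(self):
        if self._last >= HIGH:
            self._last = LOW - 1  # start over after reaching 100
        self._last = self._rng.randint(self._last + 1, HIGH)
        return self._last

def candidates_after(observed):
    """Values the weak generator can emit next, given its last output."""
    if observed >= HIGH:
        return range(LOW, HIGH + 1)
    return range(observed + 1, HIGH + 1)

def secure_next():
    """Hardened form: OS CSPRNG draw, independent of earlier outputs."""
    return LOW + secrets.randbelow(HIGH - LOW + 1)

def increasing_fraction(outputs):
    """Share of consecutive pairs where the next value is larger than the
    previous one, skipping pairs that follow HIGH (the weak generator's
    reset). Independent uniform draws give about 0.5; 1.0 matches the
    weakness described above."""
    pairs = [(a, b) for a, b in zip(outputs, outputs[1:]) if a < HIGH]
    if not pairs:
        return 0.0
    return sum(b > a for a, b in pairs) / len(pairs)

if __name__ == "__main__":
    weak = IncreasingGenerator(seed=7)
    weak_out = [weak.next() for _ in range(500)]
    safe_out = [secure_next() for _ in range(500)]
    print("candidates after 80:", len(candidates_after(80)))
    print("weak increasing fraction:", increasing_fraction(weak_out))
    print("secure increasing fraction:", round(increasing_fraction(safe_out), 2))
```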
Applicable Platforms
Language Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Other | Varies by context | |
Detection Methods None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|---|---|---|---|
| | Increase the entropy used to seed a PRNG. | | |
Architecture and Design; Requirements | Libraries or Frameworks | Use products or modules that conform to FIPS 140-2 [R.343.1] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators"). | | |
Implementation | | Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block. | | |
Relationships
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-343 ChildOf CWE-905 | Category | CWE-888 | |
Demonstrative Examples None
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
PLOVER | | Predictable Value Range from Previous Values | |
References:
- Information Technology Laboratory, National Institute of Standards and Technology. SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES. 2001-05-25.
- Michal Zalewski. Strange Attractors and TCP/IP Sequence Number Analysis. Published on 2001.
- Michael Howard, David LeBlanc, John Viega. 24 Deadly Sins of Software Security. McGraw-Hill. Section: "Sin 20: Weak Random Numbers." Page 299. Published on 2010.