Insufficient Entropy in PRNG| ID: 332 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Variant |
Description
The lack of entropy available for, or used by, a Pseudo-Random
Number Generator (PRNG) can be a stability and security
threat.
Likelihood of Exploit: Medium
Applicable PlatformsLanguage Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Availability | DoS: crash / exit /
restart | If a pseudo-random number generator is using a limited entropy source
which runs out (if the generator fails closed), the program may pause or
crash. |
| Access_ControlOther | Bypass protection
mechanismOther | If a PRNG is using a limited entropy source which runs out, and the
generator fails open, the generator could produce predictable random
numbers. Potentially a weak source of random numbers could weaken the
encryption method used for authentication of users. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Architecture and DesignRequirements | Libraries or Frameworks | Use products or modules that conform to FIPS 140-2 [R.332.1] to avoid
obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random
Number Generators"). | | |
| Implementation | | Consider a PRNG that re-seeds itself as needed from high-quality
pseudo-random output, such as hardware devices. | | |
| Architecture and Design | | When deciding which PRNG to use, look at its sources of entropy.
Depending on what your security needs are, you may need to use a random
number generator that always uses strong random data -- i.e., a random
number generator that attempts to be strong but will fail in a weak way
or will always provide some middle ground of protection through
techniques like re-seeding. Generally, something that always provides a
predictable amount of strength is preferable. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-332 ChildOf CWE-905 | Category | CWE-888 | |
Demonstrative ExamplesNone
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CLASP | | Insufficient entropy in PRNG | |
| CERT Java Secure Coding | MSC02-J | Generate strong random numbers | |
References:
- Information Technology Laboratory, National Institute of
Standards and Technology .SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC
MODULES. 2001-05-25.
