Insufficient entropy in pseudo-random number generator
From OWASP
Overview
The lack of entropy available for, or used by, a PRNG can be a stability and security threat.
Consequences
- Availability: If a pseudo-random number generator is using a limited entropy source which runs out, and the generator fails closed, the program may pause or crash.
- Authentication: If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. A weak source of random numbers could potentially weaken the encryption method used for authentication of users, in which case a password could potentially be discovered.
Exposure period
- Design through Implementation: If one is utilizing randomness for important security, it is important to use the best random numbers available.
Platform
- Languages: Any
- Operating platforms: Any
Required resources
Any
Severity
Medium
Likelihood of exploit
Medium
Avoidance and mitigation
- Implementation: Perform FIPS 140-1 tests on data to catch obvious entropy problems.
- Implementation: Consider a PRNG which re-seeds itself as needed from a high-quality pseudo-random output, such as hardware devices.
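The FIPS 140-1 check mentioned above can be sketched as follows. This is an added example, not OWASP's own code: it implements the monobit, poker and long-run tests from FIPS 140-1 over a 20,000-bit sample (the runs test is not included), and the names `fips1401_check` and `fill_xorshift` are hypothetical. The sample input is constructed from a fixed-seed xorshift32 stream.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define FIPS_BYTES 2500   /* the tests are defined over a 20,000-bit sample */
enum { FAIL_MONOBIT = 1, FAIL_POKER = 2, FAIL_LONGRUN = 4 };

/* Returns 0 if the sample passes, otherwise a bitmask of the failed tests. */
int fips1401_check(const uint8_t buf[FIPS_BYTES])
{
    unsigned ones = 0, run = 0, longest = 0, nibble[16] = {0};
    int prev = -1, failed = 0;

    for (size_t i = 0; i < FIPS_BYTES; i++) {
        nibble[buf[i] >> 4]++;                 /* poker test counts 4-bit values */
        nibble[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += (unsigned)bit;
            run = (bit == prev) ? run + 1 : 1; /* length of the current run */
            if (run > longest) longest = run;
            prev = bit;
        }
    }
    /* Monobit: number of ones X must satisfy 9,654 < X < 10,346. */
    if (ones <= 9654 || ones >= 10346) failed |= FAIL_MONOBIT;
    /* Poker: X = (16/5000) * sum(f_i^2) - 5000 must satisfy 1.03 < X < 57.4. */
    double sum = 0.0;
    for (int i = 0; i < 16; i++) sum += (double)nibble[i] * nibble[i];
    double x = 16.0 / 5000.0 * sum - 5000.0;
    if (x <= 1.03 || x >= 57.4) failed |= FAIL_POKER;
    /* Long run: no run of identical bits of length 34 or more. */
    if (longest >= 34) failed |= FAIL_LONGRUN;
    return failed;
}

/* Constructed sample input: xorshift32 from a fixed seed (NOT a secure PRNG). */
void fill_xorshift(uint8_t *buf, size_t n, uint32_t s)
{
    for (size_t i = 0; i < n; i++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        buf[i] = (uint8_t)(s >> 16);
    }
}

int main(void)
{
    uint8_t buf[FIPS_BYTES];
    fill_xorshift(buf, sizeof buf, 2463534242u);
    int failed = fips1401_check(buf);
    printf("failed-test mask: %d\n", failed);
    return failed ? 1 : 0;  /* fail closed: do not use a sample that fails */
}
```

The fixed-seed sample passes all three checks even though it contains no entropy at all, which is why these tests only catch obvious problems such as a stuck or heavily biased source.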
Discussion
When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator which always uses strong random data - i.e., a random number generator which attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally something which always provides a predictable amount of strength is preferable and should be used.
Examples
In C/C++ or Java:
    while (1) {
        if (OnConnection()) {
            if (PRNG(...)) {
                // use the random bytes
            }
            else {
                // the PRNG could not supply random bytes: cancel the program
            }
        }
    }
Related problems
Not available.

