Difference between revisions of "Insufficient Entropy"
(→Description: added basic definition)
|Line 8:||Line 8:|
Revision as of 14:59, 12 February 2007
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
When an undesirably low amount of random data is available. Psuedo Random Number Generators are susceptible to suffering from insufficient entropy when they are initialized because random data may not be available to them yet.
In many cases a PRNG uses a combination of the system clock and entropy to create seed data. In the case where insufficient entropy is available, an attacker can reduce the size magnitude of the seed value considerably. Furthermore, by guessing values of the system clock, they can create a manageable set of possible PRNG outputs.