Insufficient Entropy

Revision as of 06:32, 26 May 2009 by Deleted user (talk | contribs)

Jump to: navigation, search

[ roddick hewitt australian open ] [ online auctions ebay auto auction ] [ refinance balloon auto ] [ auto diego part san used ] [ tenodera australasiae ] japanese vehicles in south africa [ australia sydney tours ] [ australia backpackers jobs ] stan olsen auto omaha [ african queen lyrics ] domain [ norton antivirus 2005 serial ] [ colonial mutual life insurance+australia ] [ trend antivirus scan ] [ asia deal flight information religion travel ] [ auto cad dwf composer download ] [ nashville auto body paint shop ] avg free antivirus [ a australia in invitation letter of to visit ] [ british tourist authority australia ] [ car accident claim auto cheap insurance ] http links africa history togo [ norton antivirus website ] [ information on the tsunami that hit asia ] african american appointed court first supreme us [ organization of african unity charter ] [ cable tv australia ] [ antivirus software adaware ] [ long distance phone cards australia ] [ africa big brother ] [ explore asia ] [ autoroute racer ] [ buy autocad 2004 ] [ pandasoft antivirus english ] [ cny auto ] [ asian american family counseling center houston ] [ western australian government railways commission ] [ auto sell by privat party ] escan antivirus toolkit crack domain [ uk auto salvage auctions ] [ automotive supplier tool ] [ south africa travel agency ] [ disable norton antivirus firewall ] [ jutas south africa ] [ lowy institute australia ] [ one way car rentals australia ] domain

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/26/2009

Vulnerabilities Table of Contents


When an undesirably low amount of entropy is available. Psuedo Random Number Generators are susceptible to suffering from insufficient entropy when they are initialized, because entropy data may not be available to them yet.

Risk Factors




Related Attacks

  • In many case,s a PRNG uses a combination of the system clock and entropy to create seed data. If insufficient entropy is available, an attacker can reduce the size magnitude of the seed value considerably. Furthermore, by guessing values of the system clock, they can create a manageable set of possible PRNG outputs.

Related Vulnerabilities

Related Controls

  • Many PRNG's (/dev/random and /dev/urandom for example) store their last value before shutdown. By using this value at intialization, they can sometimes avoid insufficient or predictable starting entropy.

Related Technical Impacts