Difference between revisions of "Insufficient entropy in pseudo-random number generator"

From OWASP
Jump to: navigation, search
(Examples)
m (Insufficient entropy in PRNG moved to Insufficient entropy in pseudo-random number generator)

Revision as of 11:08, 16 May 2006



Overview

The lack of entropy available for, or used by, a PRNG can be a stability and security threat.

Consequences

  • Availability: If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash.
  • Authentication: If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users. In this case, potentially a password could be discovered.

Exposure period

  • Design through Implementation: It is important - if one is utilizing randomness for important security - to use the best random numbers available.

Platform

  • Languages: Any
  • Operating platforms: Any

Required resources

Any

Severity

Medium

Likelihood of exploit

Medium

Avoidance and mitigation

  • Implementation: Perform FIPS 140-1 tests on data to catch obvious entropy problems.
  • Implementation: Consider a PRNG which re-seeds itself, as needed from a high quality pseudo-random output, like hardware devices.

Discussion

When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator which always uses strong random data - i.e., a random number generator which attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally something which always provides a predictable amount of strength is preferable and should be used.

Examples

In C/C++ or Java:

while (1){
  if (OnConnection()){
    if (PRNG(...)){
      //use the random bytes
    }
    else (PRNG(...)) {
      //cancel the program
  }

Related problems

Not available.

Categories