Difference between revisions of "Insufficient entropy in pseudo-random number generator"

From OWASP
Jump to: navigation, search
Line 1: Line 1:
 
{{Template:Vulnerability}}
 
{{Template:Vulnerability}}
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
 
+
<br>
__TOC__
+
  
 
[[ASDR Table of Contents]]
 
[[ASDR Table of Contents]]

Revision as of 21:36, 17 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



ASDR Table of Contents

Last revision (mm/dd/yy): 02/17/2009

Description

The lack of entropy available for, or used by, a PRNG can be a stability and security threat.

Consequences

  • Availability: If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash.
  • Authentication: If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users. In this case, potentially a password could be discovered.

Exposure period

  • Design through Implementation: It is important - if one is utilizing randomness for important security - to use the best random numbers available.

Platform

  • Languages: Any
  • Operating platforms: Any

Required resources

Any

Severity

Medium

Likelihood of exploit

Medium

When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator which always uses strong random data - i.e., a random number generator which attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally something which always provides a predictable amount of strength is preferable and should be used.


Risk Factors

TBD


Examples

In C/C++ or Java:

while (1){
  if (OnConnection()){
    if (PRNG(...)){
      //use the random bytes
    }
    else {
      //cancel the program
  }

Related Attacks


Related Vulnerabilities


Related Controls

  • Implementation: Perform FIPS 140-1 tests on data to catch obvious entropy problems.
  • Implementation: Consider a PRNG which re-seeds itself, as needed from a high quality pseudo-random output, like hardware devices.


Related Technical Impacts


References

TBD