Insufficient entropy in pseudo-random number generator

Revision as of 17:44, 13 April 2006 by Jeff Williams (Talk | contribs)

The lack of entropy available for, or used by, a PRNG can be a stability and security threat.


  • Availability: If a pseudo-random number generator uses a limited entropy source which runs out, and the generator fails closed, the program may pause or crash.
  • Authentication: If a PRNG uses a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. A weak source of random numbers could weaken the encryption method used to authenticate users; in that case, a password could potentially be discovered.

Exposure period

  • Design through Implementation: Wherever randomness is relied on for security, it is important to use the best random numbers available.


  • Languages: Any
  • Operating platforms: Any

Required resources

Likelihood of exploit

Avoidance and mitigation

  • Implementation: Perform FIPS 140-1 tests on data to catch obvious entropy problems.
  • Implementation: Consider a PRNG which re-seeds itself, as needed, from a high-quality source of random output, such as a hardware device.
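The FIPS 140-1 statistical tests mentioned above, as an added example that is not part of the original page: the monobit, poker and long-run tests from that standard, applied to a 20,000-bit sample and wired to fail closed. The two sample buffers are constructed here; a stuck-at-zero source fails, while a plain 0x00..0xFF counter passes all three tests despite being fully predictable, which is why these tests catch only obvious entropy problems and do not replace a sound entropy source.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define FIPS_BYTES 2500   /* FIPS 140-1 tests run over a 20,000-bit sample */
/* Monobit test: the number of ones X must satisfy 9654 < X < 10346. */
static bool fips_monobit(const uint8_t *b) {
    int ones = 0;
    for (size_t i = 0; i < FIPS_BYTES; i++)
        for (int k = 0; k < 8; k++) ones += (b[i] >> k) & 1;
    return ones > 9654 && ones < 10346;
}

/* Poker test: with f[i] the count of each 4-bit value among the 5000 nibbles,
   X = (16/5000) * sum(f[i]^2) - 5000 must satisfy 1.03 < X < 57.4. */
static bool fips_poker(const uint8_t *b) {
    long f[16] = {0}; double sum = 0.0;
    for (size_t i = 0; i < FIPS_BYTES; i++) { f[b[i] >> 4]++; f[b[i] & 0x0F]++; }
    for (int i = 0; i < 16; i++) sum += (double)f[i] * (double)f[i];
    double x = (16.0 / 5000.0) * sum - 5000.0;
    return x > 1.03 && x < 57.4;
}

/* Long run test: no run of 34 or more identical bits may occur. */
static bool fips_long_run(const uint8_t *b) {
    int run = 0, prev = -1;
    for (size_t i = 0; i < FIPS_BYTES; i++)
        for (int k = 7; k >= 0; k--) {
            int bit = (b[i] >> k) & 1;
            run = (bit == prev) ? run + 1 : 1;
            prev = bit;
            if (run >= 34) return false;
        }
    return true;
}

/* Fail closed: a sample is accepted only if it has the right size and passes every test. */
bool fips140_1_check(const uint8_t *sample, size_t len) {
    if (len != FIPS_BYTES) return false;
    return fips_monobit(sample) && fips_poker(sample) && fips_long_run(sample);
}

/* Constructed samples: counter=false is a stuck-at-zero source (fails);
   counter=true is a 0x00..0xFF counter, which passes despite being predictable. */
bool constructed_sample_passes(bool counter) {
    uint8_t buf[FIPS_BYTES];
    for (size_t i = 0; i < FIPS_BYTES; i++) buf[i] = counter ? (uint8_t)i : 0;
    return fips140_1_check(buf, sizeof buf);
}
```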


When deciding which PRNG to use, examine its sources of entropy. Depending on your security needs, you may need a random number generator which always uses strong random data; the alternatives are a generator which attempts to be strong but fails in a weak way, or one which always provides some middle ground of protection through techniques like re-seeding. In general, a generator which always provides a predictable amount of strength is preferable and should be used.


In C/C++ or Java (OnConnection() and PRNG() stand for the application's own connection handler and random-number source; the point is that the generator fails closed):

  while (1) {
    if (OnConnection()) {
      if (PRNG(...)) {
        /* use the random bytes */
      } else {
        /* the generator could not supply strong random data:
           cancel the program (exit() from <stdlib.h>) rather than
           continue with predictable values */
        exit(EXIT_FAILURE);
      }
    }
  }

Related problems

Not available.