CWE-337 PRNG中使用可预测种子
Predictable Seed in Pseudo-Random Number Generator (PRNG)
结构: Simple
Abstraction: Variant
状态: Draft
被利用可能性: unkown
基本描述
A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.
扩展描述
The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numnbers will be generated by the PRNG.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 335 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 335 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Varies by Context |
可能的缓解方案
策略:
Use non-predictable inputs for seed generation.
MIT-2 ['Architecture and Design', 'Requirements']
策略: Libraries or Frameworks
Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
MIT-50 Implementation
策略:
Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.
示例代码
例
Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:
bad Java
int accountID = random.nextInt();
bad C
int randNum = rand();
An attacker can easily predict the seed used by these PRNGs, and so also predict the stream of random numbers generated. Note these examples also exhibit CWE-338 (Use of Cryptographically Weak PRNG).
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Predictable Seed in PRNG | ||
| The CERT Oracle Secure Coding Standard for Java (2011) | MSC02-J | Generate strong random numbers |