CWE-332 PRNG中信息熵不充分

Insufficient Entropy in PRNG

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: Medium

基本描述

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围	影响	注释
Availability	DoS: Crash, Exit, or Restart	If a pseudo-random number generator is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash.
['Access Control', 'Other']	['Bypass Protection Mechanism', 'Other']	If a PRNG is using a limited entropy source which runs out, and the generator fails open, the generator could produce predictable random numbers. Potentially a weak source of random numbers could weaken the encryption method used for authentication of users.

可能的缓解方案

MIT-2 ['Architecture and Design', 'Requirements']

策略: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

Implementation

策略:

Consider a PRNG that re-seeds itself as needed from high-quality pseudo-random output, such as hardware devices.

Architecture and Design

策略:

When deciding which PRNG to use, look at its sources of entropy. Depending on what your security needs are, you may need to use a random number generator that always uses strong random data -- i.e., a random number generator that attempts to be strong but will fail in a weak way or will always provide some middle ground of protection through techniques like re-seeding. Generally, something that always provides a predictable amount of strength is preferable.

分类映射

映射的分类名	ImNode ID	Fit	Mapped Node Name
CLASP			Insufficient entropy in PRNG
The CERT Oracle Secure Coding Standard for Java (2011)	MSC02-J		Generate strong random numbers

引用

REF-267 SECURITY REQUIREMENTS FOR CRYPTOGRAPHIC MODULES

VULHUB ™