CWE-339

Small Seed Space in PRNG

A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.

Mitigation

Phase: Architecture and Design

Description:

  • Use well vetted pseudo-random number generating algorithms with adequate length seeds. Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation ID: MIT-2

Phases: Architecture and Design, Requirements

Strategy: Libraries or Frameworks

Description:

  • Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems, or use the more recent FIPS 140-3 [REF-1192] if possible.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page