CWE-339: Small Seed Space in PRNG

Description

A Pseudo-Random Number Generator (PRNG) uses a relatively small seed space, which makes it more susceptible to brute force attacks.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE

Extended Description

PRNGs are entirely deterministic once seeded, so it should be extremely difficult to guess the seed. If an attacker can collect the outputs of a PRNG and then brute force the seed by trying every possibility to see which seed matches the observed output, then the attacker will know the output of any subsequent calls to the PRNG. A small seed space implies that the attacker will have far fewer possible values to try to exhaust all possibilities.

Example Vulnerable Codes

Example - 1

This code grabs some random bytes and uses them for a seed in a PRNG, in order to generate a new cryptographic key.

// # getting 2 bytes of randomness for the seeding the PRNG // 
seed = os.urandom(2)random.seed(a=seed)key = random.getrandbits(128)

Since only 2 bytes are used as a seed, an attacker will only need to guess 2^16 (65,536) values before being able to replicate the state of the PRNG.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Go to

CWE-341: Predictable from Observable State

Go to

Visit http://cwe.mitre.org/ for more details.