Improper Handling of Insufficient Entropy in TRNG
Draft Variant
Structure: Simple
Description
True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.
The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.
Common Consequences 1
Scope: Availability
Impact: DoS: Crash, Exit, or Restart
A program may crash or block if it runs out of random numbers.
Potential Mitigations 1
Phase: Implementation
Rather than failing on a lack of random numbers, it is often preferable to wait for more numbers to be created.
Demonstrative Examples 1
This code uses a TRNG to generate a unique session id for new connections to a server:
Code Example:
Bad
C
cThis code does not attempt to limit the number of new connections or make sure the TRNG can successfully generate a new random number. An attacker may be able to create many new connections and exhaust the entropy of the TRNG. The TRNG may then block and cause the program to crash or hang.
References 1
The CLASP Application Security Process
Secure Software, Inc.
2005
ID: REF-18
Likelihood of Exploit
Low
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Architecture and Design
Implementation
Related Weaknesses
Taxonomy Mapping
- CLASP
- The CERT Oracle Secure Coding Standard for Java (2011)
Notes
MaintenanceAs of CWE 4.5, terminology related to randomness, entropy, and predictability can vary widely. Within the developer and other communities, "randomness" is used heavily. However, within cryptography, "entropy" is distinct, typically implied as a measurement. There are no commonly-used definitions, even within standards documents and cryptography papers. Future versions of CWE will attempt to define these terms and, if necessary, distinguish between them in ways that are appropriate for different communities but do not reduce the usability of CWE for mapping, understanding, or other scenarios.