SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 54

changes.mady.by.user Ankur Goyal

Saved on

compared with

New Version 55

changes.mady.by.user Dhruv Mohindra

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The Java API provides a PRNG, the java.util.Random class. This PRNG is portable and repeatable. Consequently, if two random instances are created using the same seed, they generate identical sequences of numbers in all Java implementations. Sometimes the same seed is reused on application initialization or after every system reboot. At other times, the current time obtained from the system clock is used to derive the seed. An adversary can learn the value of the seed by performing some reconnaissance on the remote server vulnerable target and proceed to build a lookup table for estimating future seed values.

Noncompliant Code Example

If the same seed value is used, the same sequence of numbers is obtained; as a result, the numbers are not "random". This noncompliant code example uses the insecure java.util.Random class.

Code Block
bgColor#FFCCCC
import java.util.Random;
// ...

Random number = new Random(123L);
//...
for (int i = 0; i < 20; i++) {
  // Generate another random integer in the range [0, 20]
  int n = number.nextInt(21);
  System.out.println(n);
}

There are cases where the same sequence of random numbers is desirable, such as when running regression tests of program behavior. In other applications, generating the same sequence of random numbers may expose a vulnerability.

Compliant Solution

This compliant solution uses the java.security.SecureRandom class to produce high quality random numbers.

Code Block
bgColor#ccccff
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
// ...

public static void main (String args[]) {
   try {
     SecureRandom number = SecureRandom.getInstance("SHA1PRNG");
     // Generate 20 integers 0..20
     for (int i = 0; i < 20; i++) {
       System.out.println(number.nextInt(21));
     }
   }
   catch (NoSuchAlgorithmException nsae) { 
     // Forward to handler
   }
}

Exceptions

MSC30-EX1: Using a null seed value (as opposed to reusing it) may improve security marginally but should only be used for non-critical applications. Java's default seed uses the system's time in milliseconds. This exception is not recommended for applications requiring high security (for instance, session IDs should be adequately random). When used, explicit documentation of this exception is encouraged.

...

For noncritical cases, such as adding some randomness to a game, the use of class Random class is considered finepermitted. However, it is worth reiterating that the resulting low entropy random numbers are not random enough to be used for more serious applications, such as cryptography.

Risk Assessment

Predictable random number sequences can weaken the security of critical applications such as cryptography.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MSC02- J

high

probable

medium

P12

L1

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C Secure Coding Standard as MSC30-C. Do not use the rand() function for generating pseudorandom numbers.

This rule appears in the C++ Secure Coding Standard as MSC30-CPP. Do not use the rand() function for generating pseudorandom numbers.

References

Wiki Markup
\[[API 06|https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]\]&nbsp;[Class Random|http://java.sun.com/javase/6/docs/api/java/util/Random.html]
\[[API 06|https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]\] [Class SecureRandom|http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html]
\[[Find Bugs 08|https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-FindBugs08]\] BC: Random objects created and used only once
\[[Monsch 06|AA. Java References#Monsch 06]\]
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 330|http://cwe.mitre.org/data/definitions/330.html] "Use of Insufficiently Random Values", [CWE ID 327 |http://cwe.mitre.org/data/definitions/327.html], "Use of a Broken or Risky Cryptographic Algorithm," [CWE ID 330|http://cwe.mitre.org/data/definitions/330.html], "Use of Insufficiently Random Values", [CWE ID 333| http://cwe.mitre.org/data/definitions/333.html] "Failure to Handle Insufficient Entropy in TRNG", [CWE ID 332|http://cwe.mitre.org/data/definitions/332.html] "Insufficient Entropy in PRNG", [CWE ID 337|http://cwe.mitre.org/data/definitions/337.html] "Predictable Seed in PRNG", [CWE ID 336|http://cwe.mitre.org/data/definitions/336.html] "Same Seed in PRNG"

...