Pseudorandom number generators (PRNGs) use deterministic mathematical algorithms to produce a sequence of numbers with good statistical properties. However, but the sequences of numbers produced fail to achieve true randomness. PRNGs usually start with an arithmetic seed value. The algorithm uses this seed to generate an output value and a new seed, which is used to generate the next value, and so on.
The Java API provides a PRNG, the java.util.Random class. This PRNG is portable and repeatable. Consequently, two instances of the java.util.Random class that are created using the same seed will generate identical sequences of numbers in all Java implementations. Seed values are often reused on application initialization or after every system reboot. In other cases, the seed is derived from the current time obtained from the system clock. An attacker can learn the value of the seed by performing some reconnaissance on the vulnerable target , and can then build a lookup table for estimating future seed values.
...
| Code Block | ||
|---|---|---|
| ||
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
// ...
public static void main (String args[]) {
try {
SecureRandom number = SecureRandom.getInstance("SHA1PRNG");
// Generate 20 integers 0..20
for (int i = 0; i < 20; i++) {
System.out.println(number.nextInt(21));
}
} catch (NoSuchAlgorithmException nsae) {
// Forward to handler
}
}
|
Exceptions
MSC02-EX0: Using the default constructor for java.util.Random applies a seed value that is "very likely to be distinct from any other invocation of this constructor" /[API 2006/] and may improve security marginally. As a result, it may only be used only for non-critical noncritical applications operating on non-sensitive nonsensitive data. Java's default seed uses the system's time in milliseconds. When used, explicit documentation of this exception is required.
| Code Block | ||
|---|---|---|
| ||
import java.util.Random;
// ...
Random number = new Random(); // only used for demo purposes
int n;
//...
for (int i = 0; i < 20; i++) {
// Re-seed generator
number = new Random();
// Generate another random integer in the range [0, 20]
n = number.nextInt(21);
System.out.println(n);
}
|
For non-critical noncritical cases, such as adding some randomness to a game or unit testing, the use of class Random is acceptable. However, it is worth reiterating that the resulting low entropy random numbers are insufficiently random to be used for more serious security-critical applications, such as cryptography.
MSC02-EX1: There are cases where predictable Predictable sequences of pseudo-random pseudorandom numbers are required in some cases, such as when running regression tests of program behavior. Use of the insecure java.util.Random class is permitted in such cases. However, security-related applications may invoke this exception only for testing purposes; it is inapplicable in a production context.
...
MSC30-C. Do not use the {{rand()}} function for generating pseudorandom numbers | |||
MSC30-CPP. Do not use the {{rand()}} function for generating pseudorandom numbers | |||
CWE-327, ". Use of a Broken or Risky Cryptographic Algorithm" broken or risky cryptographic algorithm | |||
| CWE-330, ". Use of Insufficiently Random Values" insufficiently random values | ||
| CWE-332, ". Insufficient Entropy entropy in PRNG " |
| CWE-333, "Improper Handling of Insufficient Entropy in TRNG" |
| CWE-336, ". Same Seed seed in PRNG " | ||
| CWE-337, ". Predictable Seed seed in PRNG " |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4059d044f3a23686-7846b536-4f884b92-a392bba6-3cc3d30cd9240ca65639d9fe"><ac:plain-text-body><![CDATA[ | [[API 2006 | https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]] | [Class | http://java.sun.com/javase/6/docs/api/java/util/Random.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="83eeb4a822d8a579-4ba79e97-4cd246a5-b48c81ba-d1a74f04b54b22252015ec8c"><ac:plain-text-body><![CDATA[ | [[API 2006 | https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]] | [Class | http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fc6382ab96cc17e5-87b09e7c-451a4e6b-921698d9-e63c7c76f1be50d5e20c65fd"><ac:plain-text-body><![CDATA[ | [[Find Bugs 2008 | https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-FindBugs08]] | BC: Random objects created and used only once | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="c96144e6bc539ffe-3e508010-4ce04c6d-aa0dad4c-582c0eea601c11d73e677c0d"><ac:plain-text-body><![CDATA[ | [[Monsch 2006 | AA. Bibliography#Monsch 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
...