...
Pseudorandom number generators (PRNGs) use deterministic mathematical algorithms algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random. PRNGs usually start with an arithmetic seed value. The algorithm uses this seed to generate an output value and a new seed as well, which is used to generate the next value, and so on.
The Java API provides a PRNG, the java.util.Random class. This PRNG is portable and repeatable. As a consequence of thatConsequently, if two random instances are created using the same seed, they will generate identical sequences of numbers in all Java implementations. Sometimes the same seed is reused upon on application initialization or after every system reboot. At other times, the current time obtained from the system clock is used to derive the seed. An adversary can learn the value of the seed by performing some reconnaissance on the remote server and proceed to build a lookup table for estimating future seed values.
Noncompliant Code Example
If you use the same seed value is used, you will always get the same sequence of numbers is obtained; as a result they will not be , the numbers are not "random".
| Code Block | ||
|---|---|---|
| ||
import java.util.Random; // ... Random number = new Random(123L); //... for (int i=0; i<20; i++) { // generate another random integer in the range [0,20] int n = number.nextInt(21); System.out.println(n); } |
There are cases of course, where the same sequence of random numbers is desirable, such as when running regression tests of program behavior. OtherwiseIn other applications, generating the same sequence of random numbers may cause expose a vulnerability.
Compliant Solution
This compliant solution uses the java.security.SecureRandom class to produce high quality random numbers.
| Code Block | ||
|---|---|---|
| ||
import java.security.SecureRandom; import java.security.NoSuchAlgorithmException; // ... public static void main (String args[]) { try { SecureRandom number = SecureRandom.getInstance ("SHA1PRNG"); // generate 20 integers 0..20 for (int i=0; i<20; i++) { System.out.println(number.nextInt(21)); } } catch (NoSuchAlgorithmException nsae) { /* forward to handlehandler */ } } |
Exceptions
MSC30-EX1: Using a null seed value (as opposed to reusing it) may improve security marginally but should only be used for non-critical applications. Java's default seed uses the system's time in milliseconds. This exception is not recommended for applications requiring high security (for instance, session IDs should not use this). When used, explicit documentation of this exception is encouraged.
| Code Block | ||
|---|---|---|
| ||
import java.util.Random; // ... Random number = new Random(); int n; //... for (int i=0; i<20; i++) { // re-seed generator number = new Random(); // generate another random integer in the range [0,20] n = number.nextInt(21); System.out.println(n); } |
For noncritical cases, such as adding some randomness to a game, the Random class is considered fine. However, we reiterate it is worth reiterating that the resulting low entropy random numbers are not random enough to be used for more serious applications, such as cryptography.
Risk Assessment
Predictable random number sequences can weaken the security of security critical applications such as cryptography.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC30- J | high | probable | medium | P12 | L1 |
...