...
Code Block | ||
---|---|---|
| ||
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
// ...
public static void main (String args[]) {
SecureRandom number = new SecureRandom();
// Generate 20 integers 0..20
for (int i = 0; i < 20; i++) {
System.out.println(number.nextInt(21));
}
}
|
Compliant Solution (Java 8)
This compliant solution uses the SecureRandom.getInstanceStrong()
method, introduced in Java 8, to use a strong RNG algorithm, if one is available.
Code Block | ||
---|---|---|
| ||
import java.security.SecureRandom; import java.security.NoSuchAlgorithmException; // ... public static void main (String args[]) { try { SecureRandom number = SecureRandom.getInstancegetInstanceStrong("SHA1PRNG"); // Generate 20 integers 0..20 for (int i = 0; i < 20; i++) { System.out.println(number.nextInt(21)); } } catch (NoSuchAlgorithmException nsae) { // Forward to handler } } |
Exceptions
MSC02-J-EX0: Using the default constructor for java.util.Random
applies a seed value that is "very likely to be distinct from any other invocation of this constructor" [API 2014] and may improve security marginally. As a result, it may be used only for noncritical applications operating on nonsensitive data. Java's default seed uses the system's time in milliseconds. When used, explicit documentation of this exception is required.
...
Predictable random number sequences can weaken the security of critical applications such as cryptography.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC02-J | High | Probable | Medium | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| JAVA.HARDCODED.SEED | Hardcoded Random Seed (Java) | ||||||
Coverity | 7.5 | RISKY_CRYPTO | Implemented | ||||||
Parasoft Jtest |
| CRT.MSC02.SRD | Use 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()' | |||||||
SonarQube |
| S2245 |
Related Vulnerabilities
CVE-2006-6969 describes a vulnerability that enables attackers to guess session identifiers, bypass authentication requirements, and conduct cross-site request forgery attacks.
Related Guidelines
MSC30-C. Do not use the rand() function for generating pseudorandom numbers | |
MSC50-CPP. Do not use std::rand() for generating pseudorandom numbers | |
CWE-327, Use of a Broken or Risky Cryptographic Algorithm CWE-330, Use of Insufficiently Random Values CWE-332, Insufficient Entropy in PRNG CWE-336, Same Seed in PRNG CWE-337, Predictable Seed in PRNG |
Bibliography
...
...
...