Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Consequently, the java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

...

This noncompliant code example uses the insecure java.util.Random class. This class produces an identical sequence of numbers for each given seed value; consequently, the sequence of numbers is predictable.

Code Block
bgColor#FFCCCC

import java.util.Random;
// ...

Random number = new Random(123L);
//...
for (int i = 0; i < 20; i++) {
  // Generate another random integer in the range [0, 20]
  int n = number.nextInt(21);
  System.out.println(n);
}

...

This compliant solution uses the java.security.SecureRandom class to produce high-quality random numbers:

Code Block
bgColor#ccccff
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
// ...

public static void main (String args[]) {
  SecureRandom number = new SecureRandom();
  // Generate 20 integers 0..20
  for (int i = 0; i < 20; i++) {
    System.out.println(number.nextInt(21));
  }
}

Compliant Solution (Java 8)

This compliant solution uses the SecureRandom.getInstanceStrong() method, introduced in Java 8, to use a strong RNG algorithm, if one is available.

Code Block
bgColor#ccccff

import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
// ...

public static void main (String args[]) {
   try {
     SecureRandom number = SecureRandom.getInstancegetInstanceStrong("SHA1PRNG");
     // Generate 20 integers 0..20
     for (int i = 0; i < 20; i++) {
       System.out.println(number.nextInt(21));
     }
   } catch (NoSuchAlgorithmException nsae) { 
     // Forward to handler
   }
}

Exceptions

Wiki Markup*MSC02MSC02-J-EX0:* Using the default constructor for {{java.util.Random}} applies a seed value that is "very likely to be distinct from any other invocation of this constructor" \[ [API 2006|AA. References#API 06]\] and may improve security marginally. As a result, it may be used only for noncritical applications operating on nonsensitive data. Java's default seed uses the system's time in milliseconds. When used, explicit documentation of this exception is 2014] and may improve security marginally. As a result, it may be used only for noncritical applications operating on nonsensitive data. Java's default seed uses the system's time in milliseconds. When used, explicit documentation of this exception is required.

Code Block
bgColor#ccccff

import java.util.Random;
// ...

Random number = new Random(); // Used only used for demo purposes
int n;
//...
for (int i = 0; i < 20; i++) {
  // Re-seedReseed generator
  number = new Random();
  // Generate another random integer in the range [0, 20]
  n = number.nextInt(21);
  System.out.println(n);
}

For noncritical cases, such as adding some randomness to a game or unit testing, the use of class Random is acceptable. However, it is worth reiterating that the resulting low-entropy random numbers are insufficiently random to be used for more security-critical applications, such as cryptography.

MSC02-J-EX1: Predictable sequences of pseudorandom numbers are required in some cases, such as when running regression tests of program behavior. Use of the insecure java.util.Random class is permitted in such cases. However, security-related applications may invoke this exception only for testing purposes; this exception may not be applied in a production context.

...

Predictable random number sequences can weaken the security of critical applications such as cryptography.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC02-J

high

High

probable

Probable

medium

Medium

P12

L1

Automated Detection

Tool
Version
Checker
Description
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.HARDCODED.SEED
JAVA.LIB.RAND.FUNC
JAVA.CRYPTO.RCF
JAVA.CRYPTO.RA
JAVA.CRYPTO.RF
JAVA.CRYPTO.BASE64
JAVA.CRYPTO.WHAF
AVA.LIB.RAND.LEGACY.GEN

Hardcoded Random Seed (Java)
Insecure Random Number Generator (Java)
Risky Cipher Field (Java)
Risky Cryptographic Algorithm (Java)
Risky Cryptographic Field (Java)
Unsafe Base64 Encoding (Java)
Weak Hash Algorithm Field (Java)
Legacy Random Generator (Java)

Coverity7.5RISKY_CRYPTOImplemented
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CRT.MSC02.SRDUse 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()'
SonarQube
Include Page
SonarQube_V
SonarQube_V
S2245

Related Vulnerabilities

CVE-2006-6969 describes a vulnerability that enables attackers to guess session identifiers, bypass authentication requirements, and conduct cross-site request forgery attacks.

Related Guidelines

SEI CERT C

Secure

Coding Standard

MSC30-C. Do not use the

{{

rand()

}}

function for generating pseudorandom numbers

SEI CERT C++

Secure

Coding Standard

MSC30

MSC50-CPP. Do not use

the {{

std::rand()

}} function

for generating pseudorandom numbers

MITRE CWE

CWE-327

.

, Use of a

broken or risky cryptographic algorithm  

Broken or Risky Cryptographic Algorithm

CWE-330

.

, Use of

insufficiently random values  

Insufficiently Random Values

CWE-332

.

, Insufficient

entropy

Entropy in PRNG

 

CWE-336

.

, Same

seed

Seed in PRNG

 

CWE-337

.

, Predictable

seed

Seed in PRNG

Bibliography

...


[

[API

2006AA. References#API 06]

2014

[

Class Random

http://java.sun.com/javase/6/docs/api/java/util/Random.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4f4e5e51-265c-4d19-bde0-12484f4594e9"><ac:plain-text-body><![CDATA[

[[API 2006

AA. References#API 06]]

[Class SecureRandom

http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html]

]]></ac:plain-text-body></ac:structured-macro>

 Class SecureRandom

[FindBugs 2008

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="543ba795-c1a5-4896-a3ff-888673ca8425"><ac:plain-text-body><![CDATA[

[[FindBugs 2008

AA. References#FindBugs 08]<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8ae8e837-54bb-49b0-a4fe-00956b05b170"><ac:plain-text-body><![CDATA

]

BC. Random objects created and used only once

]]></ac:plain-text-body></ac:structured-macro>


[

[[

Monsch 2006

AA. References#Monsch 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

]



...

Image Added Image Added Image Removed      49. Miscellaneous (MSC)      Image Modified