Skip to content

MASWE-0027: Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Content in BETA

This content is in beta and still under active development, so it is subject to change any time (e.g. structure, IDs, content, URLs, etc.).

Send Feedback

Overview

A pseudorandom number generator (PRNG) algorithm generates sequences based on a seed that may be predictable. Common implementations are not cryptographically secure. For example, they typically use a linear congruential formula, allowing an attacker to predict future outputs, given enough observed outputs. Therefore, it is not suitable for security-critical applications or protecting sensitive data.

Impact

  • Bypass Protection Mechanism: Using a non-cryptographically secure PRNG in a security context, such as authentication, poses significant risks. An attacker could potentially guess the generated numbers and gain access to privileged data or functionality. Predicting or regenerating random numbers can lead to encryption breaches, compromise sensitive user information, or enable user impersonation.

Modes of Introduction

  • Insecure Random APIs: The app may use many existing APIs to generate random numbers insecurely.
  • Non-random Sources: The app may use custom methods to create "supposedly random" values, using non-random sources such as the current time.

Mitigations

For security relevant contexts, use cryptographically secure random numbers.

In general, it is strongly recommended not to use any random function in a deterministic way, even if it's a secure one, especially those involving hardcoded seed values (which are vulnerable to exposure by decompilation).

Refer to the RFC 1750 - Randomness Recommendations for Security and the OWASP Cryptographic Storage Cheat Sheet - Secure Random Number Generation for more information and recommendations on random number generation.

Tests