Base · Draft

CWE-1241: Use of Predictable Algorithm in Random Number Generator

Category: other

Description

The device uses an algorithm that is predictable and generates a pseudo-random number.

Common consequences · 1

  • Confidentiality — Read Application Data

Potential mitigations · 2

  • [Architecture and Design] It is highly recommended to use a true random number generator (TRNG) to ensure the security of encryption schemes. Hardware-based TRNGs generate unpredictable, unbiased, and independent random numbers because they employ physical phenomena, e.g., electrical noise, as sources to generate random numbers.
  • [Implementation] It is highly recommended to use a true random number generator (TRNG) to ensure the security of encryption schemes. Hardware-based TRNGs generate unpredictable, unbiased, and independent random numbers because they employ physical phenomena, e.g., electrical noise, as sources to generate random numbers.

Related CAPEC attack patterns · 1

CAPEC-97

References

  1. https://cwe.mitre.org/data/definitions/1241.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Cryptanalysis (capec-97) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Predictable Value Range from Previous Values
  • CWE: Same Seed in Pseudo-Random Number Generator (PRNG)
  • CWE: Predictable Seed in Pseudo-Random Number Generator (PRNG)
  • CWE: Insufficient Entropy
  • CWE: Use of Insufficiently Random Values
  • CWE: Improper Handling of Insufficient Entropy in TRNG

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.