Variant · Draft

CWE-333: Improper Handling of Insufficient Entropy in TRNG

Category: other

Description

True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block. The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.

Common consequences

  • Availability — DoS: Crash, Exit, or Restart
    A program may crash or block if it runs out of random numbers.

Potential mitigations

  • [Implementation] Rather than failing on a lack of random numbers, it is often preferable to wait for more numbers to be created.
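One way to apply this mitigation, as an added example that is not part of the CWE entry: a reader that treats an empty entropy source as a condition to wait out, retrying with backoff and accepting short reads instead of crashing. The names `read_entropy`, `kernel_source`, `StarvedSource` and `EntropyUnavailable` are hypothetical, the bounded timeout is a design assumption of the example, and `StarvedSource` is a constructed stand-in for a slow TRNG.

```python
import os
import time

class EntropyUnavailable(Exception):
    """The source stayed empty until the caller's deadline passed."""

def kernel_source(n):
    # Linux-only: raises BlockingIOError instead of blocking while the pool is not ready.
    return os.getrandom(n, os.GRND_NONBLOCK)

def read_entropy(nbytes, source=kernel_source, timeout=5.0,
                 sleep=time.sleep, clock=time.monotonic):
    """Collect exactly nbytes, waiting (with backoff) while the source is empty."""
    deadline = clock() + timeout
    delay = 0.01
    out = bytearray()
    while len(out) < nbytes:
        try:
            chunk = source(nbytes - len(out))   # may return fewer bytes than asked
        except BlockingIOError:
            chunk = b""                         # empty pool is expected, not fatal
        if chunk:
            out += chunk
            delay = 0.01                        # progress made: reset the backoff
            continue
        if clock() >= deadline:
            raise EntropyUnavailable(f"got {len(out)} of {nbytes} bytes in {timeout}s")
        sleep(delay)
        delay = min(delay * 2, 0.5)
    return bytes(out)

class StarvedSource:
    """Constructed stand-in for a slow TRNG: empty for a while, then short reads."""
    def __init__(self, empty_calls, chunk=4):
        self.empty_calls, self.chunk, self.calls = empty_calls, chunk, 0

    def __call__(self, n):
        self.calls += 1
        if self.calls <= self.empty_calls:
            raise BlockingIOError("entropy pool empty")
        return bytes(range(min(n, self.chunk)))  # placeholder bytes, not random

if __name__ == "__main__":
    waits = []
    src = StarvedSource(empty_calls=3)
    key = read_entropy(10, source=src, sleep=waits.append)
    print(len(key), src.calls, waits)
```

The deadline turns an indefinite block into an error the caller can handle, for example by deferring the operation that needs the key rather than exiting.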

References

  1. https://cwe.mitre.org/data/definitions/333.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Insufficient Entropy in PRNG
  • CWE: Small Seed Space in PRNG
  • CWE: Cryptographic Operations are run Before Supporting Units are Ready
  • CWE: Same Seed in Pseudo-Random Number Generator (PRNG)
  • CWE: Use of Predictable Algorithm in Random Number Generator
  • CWE: Predictable Seed in Pseudo-Random Number Generator (PRNG)

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.