CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

What is Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)?

• Overview: Incorrect usage of seeds in a Pseudo-Random Number Generator (PRNG) occurs when the seeds used to initialize PRNGs are not managed securely, which can lead to predictable outputs. PRNGs require cryptographically secure and unique seeds to function correctly and maintain security.

• Exploitation Methods:

• Attackers can exploit this vulnerability by predicting the PRNG output if they can ascertain or guess the seed.
• Common attack patterns involve timing attacks where attackers estimate the seed based on known seeding methods like using the current time.

• Security Impact:

• Direct consequences of successful exploitation include the ability to predict future and past PRNG outputs.
• Potential cascading effects include compromised cryptographic operations such as encryption keys and secure token generation.
• Business impact may involve data breaches, financial losses, and reputational damage due to weakened security measures.

• Prevention Guidelines:

• Use a cryptographically secure source to generate seeds, ensuring they are complex and not easily guessable.
• Protect seeds as cryptographic material, similar to protecting cryptographic keys.
• Avoid using predictable values like the current time or fixed numbers as seeds.
• Regularly update and refresh the seed to prevent reuse and reduce exposure time.
• Utilize libraries and frameworks that provide secure PRNG implementations, such as those adhering to industry standards for cryptographic operations.

Corgea can automatically detect and fix Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) in your codebase. Try Corgea free today.

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: Not Language-Specific

Affected Technologies: Not specified

Vulnerable Code Example

Python Example

import random

def generate_random_numbers():
    # Incorrectly using a predictable seed, such as a fixed number
    random.seed(42)  # This makes the random sequence predictable
    
    # Generating random numbers with a predictable sequence
    numbers = [random.randint(0, 100) for _ in range(5)]
    return numbers

print(generate_random_numbers())

Explanation:

• Line 3: The use of a fixed seed value (42) makes the sequence of random numbers predictable. This can be exploited if an attacker knows or guesses the seed.
• Line 5-6: The numbers generated are not truly random because the seed is static, resulting in the same sequence every time the program runs.

How to fix Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)?

To fix this vulnerability, you should:

1. Avoid using a fixed seed for random number generation in contexts where randomness is required for security.
2. Use non-predictable, dynamic seed values such as those derived from the system time or a secure random source.
3. For security-sensitive operations, consider using a cryptographically secure random number generator such as random.SystemRandom or the secrets module in Python, which does not require manual seeding and provides more secure random values.

Fixed Code Example

Python Example

import random
import time
import secrets

def generate_random_numbers():
    # Using a dynamic seed based on the current time
    random.seed(time.time())  # This provides a different sequence each time
    
    # Alternatively, use a cryptographically secure generator:
    # secure_random = secrets.SystemRandom()
    
    # Generating random numbers with a dynamic seed
    numbers = [random.randint(0, 100) for _ in range(5)]
    return numbers

print(generate_random_numbers())

Explanation:

• Line 3-4: A dynamic seed based on the current time ensures that the sequence of numbers is different each time the program runs, though it's still not suitable for high-security needs.
• Line 7-8: The random numbers are now generated with a less predictable sequence. For applications requiring more security, you can use the secrets.SystemRandom() (commented out in the code), which uses system-level randomness sources and does not require explicit seeding.

By using the secrets module or random.SystemRandom(), you ensure that the randomness is suitable for cryptographic purposes, making it much harder for an attacker to predict the sequence.