CWE-333: Improper Handling of Insufficient Entropy in TRNG

Description

True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.

Extended Description

The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.

ThreatScore

Threat Mapped score: 1.8

Industry: Finiancial

Threat priority: P4 - Informational (Low)

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Architecture and Design	N/A
Implementation	REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Common Consequences

Impact: DoS: Crash, Exit, or Restart — Notes: A program may crash or block if it runs out of random numbers.

Potential Mitigations

Implementation: Rather than failing on a lack of random numbers, it is often preferable to wait for more numbers to be created. (N/A)

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

Intro: This code uses a TRNG to generate a unique session id for new connections to a server:

Body: This code does not attempt to limit the number of new connections or make sure the TRNG can successfully generate a new random number. An attacker may be able to create many new connections and exhaust the entropy of the TRNG. The TRNG may then block and cause the program to crash or hang.

while (1){ if (haveNewConnection()){ if (hwRandom()){ int sessionID = hwRandom(); createNewConnection(sessionID); } } }

Notes

Maintenance: As of CWE 4.5, terminology related to randomness, entropy, and predictability can vary widely. Within the developer and other communities, "randomness" is used heavily. However, within cryptography, "entropy" is distinct, typically implied as a measurement. There are no commonly-used definitions, even within standards documents and cryptography papers. Future versions of CWE will attempt to define these terms and, if necessary, distinguish between them in ways that are appropriate for different communities but do not reduce the usability of CWE for mapping, understanding, or other scenarios.

← Back to CWE list