-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathInsecureRandomness.qhelp
More file actions
64 lines (55 loc) · 2.73 KB
/
InsecureRandomness.qhelp
File metadata and controls
64 lines (55 loc) · 2.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
If you use a cryptographically weak pseudo-random number generator to generate security-sensitive values,
such as passwords, attackers can more easily predict those values.
</p>
<p>
Pseudo-random number generators generate a sequence of numbers that only approximates the properties
of random numbers. The sequence is not truly random because it is completely determined by a
relatively small set of initial values (the seed). If the random number generator is
cryptographically weak, then this sequence may be easily predictable through outside observations.
</p>
</overview>
<recommendation>
<p>
The <code>java.util.Random</code> random number generator is not cryptographically secure. Use a secure random number generator such as <code>java.security.SecureRandom</code> instead.
</p>
<p>
Use a cryptographically secure pseudo-random number generator if the output is to be used in a
security-sensitive context. As a general rule, a value should be considered "security-sensitive"
if predicting it would allow the attacker to perform an action that they would otherwise be unable
to perform. For example, if an attacker could predict the random password generated for a new user,
they would be able to log in as that new user.
</p>
</recommendation>
<example>
<p>
The following examples show different ways of generating a cookie with a random value.
</p>
<p>
In the first (BAD) case, we generate a fresh cookie by appending a random integer to the end of a static
string. The random number generator used (<code>Random</code>) is not cryptographically secure,
so it may be possible for an attacker to predict the generated cookie.
</p>
<sample src="examples/InsecureRandomnessCookie.java" />
<p>
In the second (GOOD) case, we generate a fresh cookie by appending a random integer to the end of a static
string. The random number generator used (<code>SecureRandom</code>) is cryptographically secure,
so it is not possible for an attacker to predict the generated cookie.
</p>
<sample src="examples/SecureRandomnessCookie.java" />
</example>
<references>
<li>Wikipedia: <a href="http://en.wikipedia.org/wiki/Pseudorandom_number_generator">Pseudo-random number generator</a>.</li>
<li>
Java Docs: <a href="http://docs.oracle.com/javase/8/docs/api/java/util/Random.html">Random</a>.
</li>
<li>
Java Docs: <a href="http://docs.oracle.com/javase/8/docs/api/java/security/SecureRandom.html">SecureRandom</a>.
</li>
</references>
</qhelp>