CWE-337 PRNG中使用可预测种子

Predictable Seed in Pseudo-Random Number Generator (PRNG)

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: unkown


A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.


The use of predictable seeds significantly reduces the number of possible seeds that an attacker would need to test in order to predict which random numnbers will be generated by the PRNG.


  • cwe_Nature: ChildOf cwe_CWE_ID: 335 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 335 cwe_View_ID: 699 cwe_Ordinal: Primary


Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}


范围 影响 注释
Other Varies by Context



Use non-predictable inputs for seed generation.

MIT-2 ['Architecture and Design', 'Requirements']

策略: Libraries or Frameworks

Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").

MIT-50 Implementation


Use a PRNG that periodically re-seeds itself using input from high-quality sources, such as hardware devices with high entropy. However, do not re-seed too frequently, or else the entropy source might block.


Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:

bad Java

Random random = new Random(System.currentTimeMillis());
int accountID = random.nextInt();

bad C

int randNum = rand();

An attacker can easily predict the seed used by these PRNGs, and so also predict the stream of random numbers generated. Note these examples also exhibit CWE-338 (Use of Cryptographically Weak PRNG).


映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Predictable Seed in PRNG
The CERT Oracle Secure Coding Standard for Java (2011) MSC02-J Generate strong random numbers