Failure of TRNG

From Guidance Share


Description

Some true random number generators have a limited source of entropy and therefore can fail or block.


Applies To

  • Languages: Any
  • Operating platforms: Any


Example

Functions such as hwRandom() can only produce random numbers at a certain rate. If they are used for non-security purposes, or if random numbers are generated too quickly, the function can fail.


Impact

  • Availability: A program may crash or block if it runs out of random numbers.


Vulnerabilities

  • Use of a random number generator that can produce only a limited amount of random numbers, without accounting for this limit.


Countermeasures

  • Implementation: Rather than failing on a lack of random numbers, it is often preferable to wait for more numbers to be created.
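
The countermeasure above as an added C example (not code from Guidance Share): `rng_fill` waits when the source is empty instead of failing, and bounds the wait so the caller cannot block indefinitely. `hwRandom()` is simulated with a constructed draining pool; its signature, `sim_reset`, `wait_for_entropy`, `rng_fill` and the wait bound are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for hwRandom(): a tiny entropy pool that drains. */
static unsigned pool_words;              /* words the "hardware" has ready */
static uint32_t sim_state = 0x2545F491u; /* placeholder output, NOT random */

static void sim_reset(unsigned words) { pool_words = words; }

static bool hwRandom(uint32_t *out) {    /* false = entropy exhausted */
    if (pool_words == 0) return false;
    pool_words--;
    sim_state = sim_state * 1664525u + 1013904223u;
    *out = sim_state;
    return true;
}

/* Simulated delay: one more word is gathered per wait. Real code would
 * sleep or poll the device's ready flag here. */
static void wait_for_entropy(void) { pool_words++; }

enum { RNG_OK = 0, RNG_TIMEOUT = -1 };

/* Fill buf with n words. An empty source causes a wait, not a failure;
 * the wait is bounded (an assumption) so the caller cannot block forever. */
static int rng_fill(uint32_t *buf, size_t n, unsigned max_waits,
                    unsigned *waits_used) {
    unsigned waits = 0;
    size_t i = 0;
    while (i < n) {
        if (hwRandom(&buf[i])) { i++; continue; }
        if (waits == max_waits) {
            memset(buf, 0, n * sizeof *buf); /* never hand back a partial fill */
            *waits_used = waits;
            return RNG_TIMEOUT;
        }
        wait_for_entropy();
        waits++;
    }
    *waits_used = waits;
    return RNG_OK;
}
```

Callers must check the return value and treat `RNG_TIMEOUT` as an error; the zeroed buffer is not random data.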


Vulnerability Patterns


How Tos
