Insufficient Entropy in PRNG

From Guidance Share




The lack of entropy available for, or used by, a pseudo-random number generator (PRNG) can be a stability and security threat.

Applies To

  • Languages: Any
  • Operating platforms: Any



  • Availability: If a pseudo-random number generator (PRNG) is using a limited entropy source which runs out (if the generator fails closed), the program may pause or crash.
  • Authentication: If a PRNG is using a limited entropy source the generator could produce predictable random numbers. A weak source of random numbers could weaken the encryption method used for authentication of users.


  • Failure to account for a PRNG running out of random numbers.


  • Implementation: Use cryptographically strong random number generators.
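The following added example (not part of the original Guidance Share page) contrasts a token generator seeded from a limited entropy source with one that draws from the operating system's cryptographically strong generator and fails closed when that source is unavailable. The function names, the 128-bit token size and the one-day, second-resolution seed space are assumptions chosen for illustration.

```python
import math
import random
import secrets

TOKEN_BYTES = 16  # assumed token size: 128 bits


def weak_token(seed: int) -> str:
    """Deliberately weak: the token is fully determined by a small seed."""
    rng = random.Random(seed)  # Mersenne Twister, not cryptographically strong
    return rng.getrandbits(TOKEN_BYTES * 8).to_bytes(TOKEN_BYTES, "big").hex()


def effective_entropy_bits(seed_space: int) -> float:
    """Upper bound on output entropy: log2 of the number of possible seeds."""
    return math.log2(seed_space)


def distinct_weak_tokens(seeds) -> int:
    """Count distinct tokens issued for the given seeds (repeats collide)."""
    return len({weak_token(s) for s in seeds})


def strong_token() -> str:
    """Hardened: use the OS CSPRNG and fail closed if it is unavailable."""
    try:
        return secrets.token_hex(TOKEN_BYTES)
    except NotImplementedError as exc:
        # os.urandom raises NotImplementedError when no randomness source
        # exists. Surface the failure instead of falling back to a weak PRNG.
        raise RuntimeError("no OS entropy source; refusing to issue token") from exc


if __name__ == "__main__":
    # Constructed scenario: seed is a timestamp in whole seconds within one day.
    seconds_per_day = 24 * 60 * 60
    print("weak token, seed 1000:", weak_token(1000))
    print("weak token, seed 1000:", weak_token(1000), "(identical)")
    print("entropy bound for 128-bit weak token: %.1f bits"
          % effective_entropy_bits(seconds_per_day))
    print("tokens issued by 3 workers sharing one seed:",
          distinct_weak_tokens([1000, 1000, 1000]))
    print("strong token:", strong_token())
```

The weak token looks 128 bits long but carries at most about 16.4 bits of entropy, and callers of `strong_token` must handle the `RuntimeError` so that an exhausted or missing entropy source does not crash the program.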

Vulnerability Patterns

How Tos
