CWE-1241Use of Predictable Algorithm in Random Number Generator

Description

The device uses an algorithm that is predictable and generates a pseudo-random number.

[object Object]

Common consequences

• Confidentiality→Read Application Data

Potential mitigations

• Architecture and Design
  It is highly recommended to use a true random number generator (TRNG) to ensure the security of encryption schemes. Hardware-based TRNGs generate unpredictable, unbiased, and independent random numbers because they employ physical phenomena, e.g., electrical noise, as sources to generate random numbers.
• Implementation
  It is highly recommended to use a true random number generator (TRNG) to ensure the security of encryption schemes. Hardware-based TRNGs generate unpredictable, unbiased, and independent random numbers because they employ physical phenomena, e.g., electrical noise, as sources to generate random numbers.

Related CWEs

Recent CVEs classified under this CWE