{"@ID": "1241", "@Name": "Use of Predictable Algorithm in Random Number Generator", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Draft", "Description": "The device uses an algorithm that is predictable and generates a pseudo-random number.", "Extended_Description": {"xhtml:p": "Pseudo-random number generator algorithms are predictable because their registers have a finite number of possible states, which eventually lead to repeating patterns. As a result, pseudo-random number generators (PRNGs) can compromise their randomness or expose their internal state to various attacks, such as reverse engineering or tampering."}, "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "330", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Primary"}}, "Applicable_Platforms": {"Technology": {"@Class": "System on Chip", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Architecture and Design"}, {"Phase": "Implementation", "Note": "In many cases, the design originally defines a cryptographically secure random number generator, but is then changed during implementation due to unforeseen constraints."}]}, "Common_Consequences": {"Consequence": {"Scope": "Confidentiality", "Impact": "Read Application Data", "Likelihood": "High"}}, "Potential_Mitigations": {"Mitigation": [{"Phase": "Architecture and Design", "Description": "It is highly recommended to use a true random number generator (TRNG) to ensure the security of encryption schemes. Hardware-based TRNGs generate unpredictable, unbiased, and independent random numbers because they employ physical phenomena, e.g., electrical noise, as sources to generate random numbers."}, {"Phase": "Implementation", "Description": "It is highly recommended to use a true random number generator (TRNG) to ensure the security of encryption schemes. Hardware-based TRNGs generate unpredictable, unbiased, and independent random numbers because they employ physical phenomena, e.g., electrical noise, as sources to generate random numbers."}]}, "Demonstrative_Examples": {"Demonstrative_Example": [{"Intro_Text": "Suppose a cryptographic function expects random value to be supplied for the crypto algorithm.", "Body_Text": "During the implementation phase, due to space constraint, a cryptographically secure random-number-generator could not be used, and instead  of using a TRNG (True Random Number Generator), a LFSR (Linear Feedback Shift Register) is used to generate a random value. While an LFSR will provide a pseudo-random number, its entropy (measure of randomness) is insufficient for a cryptographic algorithm."}, {"Intro_Text": "The example code is taken from the PRNG inside the buggy OpenPiton SoC of HACK@DAC'21 [REF-1370]. The SoC implements a pseudo-random number generator using a Linear Feedback Shift Register (LFSR).", "Body_Text": [{"xhtml:img": {"@src": "/data/images/LSFR-based-PRNG-CWE-1241.png", "@alt": "LSFR-based Pseudo-Random Number Generator"}}, {"xhtml:sup": ["6", "4", "3"], "#text": "An example of LFSR with the polynomial function P(x) = x+x+x+1 is shown in the figure."}, "A LFSR's input bit is determined by the output of a linear function of two or more of its previous states. Therefore, given a long cycle, a LFSR-based PRNG will enter a repeating cycle, which is predictable."], "Example_Code": {"@Nature": "Bad", "@Language": "Verilog", "xhtml:b": ["reg in_sr, entropy16_valid;", "reg [15:0] entropy16;", "assign entropy16_o = entropy16;", "assign entropy16_valid_o = entropy16_valid;", "always @ (*)", "begin", "end"], "xhtml:br": [null, null, null, null, null, null, null, null, null], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:b": "in_sr = ^ (poly_i [15:0] & entropy16 [15:0]);", "xhtml:br": null}}}]}, "Observed_Examples": {"Observed_Example": {"Reference": "CVE-2021-3692", "Description": "PHP framework uses mt_rand() function (Marsenne Twister) when generating tokens", "Link": "https://www.cve.org/CVERecord?id=CVE-2021-3692"}}, "Related_Attack_Patterns": {"Related_Attack_Pattern": {"@CAPEC_ID": "97"}}, "References": {"Reference": {"@External_Reference_ID": "REF-1370"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Notes": {"Note": {"@Type": "Maintenance", "#text": "As of CWE 4.5, terminology related to randomness, entropy, and\n\t   predictability can vary widely. Within the developer and other\n\t   communities, \"randomness\" is used heavily. However, within\n\t   cryptography, \"entropy\" is distinct, typically implied as a\n\t   measurement. There are no commonly-used definitions, even within\n\t   standards documents and cryptography papers. Future versions of\n\t   CWE will attempt to define these terms and, if necessary,\n\t   distinguish between them in ways that are appropriate for\n\t   different communities but do not reduce the usability of CWE for\n\t   mapping, understanding, or other scenarios."}}, "Content_History": {"Submission": {"Submission_Name": "Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi", "Submission_Organization": "Intel Corporation", "Submission_Date": "2020-02-10", "Submission_Version": "4.0", "Submission_ReleaseDate": "2020-02-24"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-06-25", "Modification_Version": "4.1", "Modification_ReleaseDate": "2020-06-25", "Modification_Comment": "updated Common_Consequences, Demonstrative_Examples, Modes_of_Introduction"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-08-20", "Modification_Version": "4.2", "Modification_ReleaseDate": "2020-08-20", "Modification_Comment": "updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Modes_of_Introduction, Potential_Mitigations, Related_Attack_Patterns, Research_Gaps"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-03-15", "Modification_Version": "4.4", "Modification_ReleaseDate": "2021-03-15", "Modification_Comment": "updated Maintenance_Notes, Research_Gaps"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-07-20", "Modification_Version": "4.5", "Modification_ReleaseDate": "2021-07-20", "Modification_Comment": "updated Maintenance_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-10-26", "Modification_Version": "4.13", "Modification_ReleaseDate": "2023-10-26", "Modification_Comment": "updated Demonstrative_Examples, Description, Observed_Examples, References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-04-03", "Modification_Version": "4.17", "Modification_ReleaseDate": "2025-04-03", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Description, Potential_Mitigations, Relationships, Weakness_Ordinalities"}], "Contribution": [{"@Type": "Content", "Contribution_Name": "Chen Chen, Rahul Kande, Jeyavijayan Rajendran", "Contribution_Organization": "Texas A&M University", "Contribution_Date": "2023-06-21", "Contribution_Comment": "suggested demonstrative example"}, {"@Type": "Content", "Contribution_Name": "Shaza Zeitouni, Mohamadreza Rostami, Ahmad-Reza Sadeghi", "Contribution_Organization": "Technical University of Darmstadt", "Contribution_Date": "2023-06-21", "Contribution_Comment": "suggested demonstrative example"}]}}
