Improper Handling of Insufficient Entropy in TRNG

Description

This vulnerability occurs when a system fails to properly manage the limited or unpredictable output rate of a true random number generator (TRNG), potentially causing failures, delays, or weakened security.

Extended Description

True Random Number Generators (TRNGs) rely on unpredictable physical processes, like electronic noise, to produce entropy. Unlike software-based generators, their output rate is inherently limited and can sometimes stall if the entropy source is exhausted, causing applications to hang or fail when they demand random data faster than the hardware can supply. For security-critical operations, such as cryptographic key generation or session token creation, this limitation is a major risk. Developers must design their systems to handle these slow or blocked states gracefully—for example, by using TRNG output only to seed cryptographically secure pseudorandom number generators (CSPRNGs)—and avoid using TRNGs directly in performance-sensitive or synchronous loops where a delay could break functionality.

Common Consequences 1

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

A program may crash or block if it runs out of random numbers.

Potential Mitigations 1

Phase: Implementation

Rather than failing on a lack of random numbers, it is often preferable to wait for more numbers to be created.

Demonstrative Examples 1

This code uses a TRNG to generate a unique session id for new connections to a server:

Code Example:Bad
C
c

This code does not attempt to limit the number of new connections or make sure the TRNG can successfully generate a new random number. An attacker may be able to create many new connections and exhaust the entropy of the TRNG. The TRNG may then block and cause the program to crash or hang.

References 1

The CLASP Application Security Process

Secure Software, Inc.

2005

https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf(2024-11-17)

ID: REF-18

Likelihood of Exploit

Low

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Modes of Introduction

Architecture and Design

Implementation

Related Weaknesses

ChildOf:

Insufficient Entropy (CWE-331)

ChildOf:

Improper Handling of Exceptional Conditions (CWE-755)

Taxonomy Mapping

CLASP
The CERT Oracle Secure Coding Standard for Java (2011)

Notes

MaintenanceAs of CWE 4.5, terminology related to randomness, entropy, and predictability can vary widely. Within the developer and other communities, "randomness" is used heavily. However, within cryptography, "entropy" is distinct, typically implied as a measurement. There are no commonly-used definitions, even within standards documents and cryptography papers. Future versions of CWE will attempt to define these terms and, if necessary, distinguish between them in ways that are appropriate for different communities but do not reduce the usability of CWE for mapping, understanding, or other scenarios.