CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG). [Cryptographic-Issues, Random-Number-Issues, Protection-Mechanism-Failure]

Required inputs: IR

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

When a non-cryptographic PRNG is used in a cryptographic context, it can expose the cryptography to certain types of attacks.

Often a pseudo-random number generator (PRNG) is not designed for cryptography. Sometimes a mediocre source of randomness is sufficient or preferable for algorithms that use random numbers. Weak generators generally take less processing power and/or do not use the precious, finite, entropy sources on a system. While such PRNGs might have very useful features, these same features could be used to break the cryptography.

Demonstrative Examples

Example 1

Both of these examples use a statistical PRNG seeded with the current value of the system clock to generate a random number:

Example Language:Java (Unsupported language for documentation only)
    Random random = new Random(System.currentTimeMillis());
    int accountID = random.nextInt();

Example Language:C
    srand(time());
    int randNum = rand();

The random number functions used in these examples, rand() and Random.nextInt(), are not considered cryptographically strong. An attacker may be able to predict the random numbers generated by these functions. Note that these example also exhibit CWE-337 (Predictable Seed in PRNG).

Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

Key	Text	Severity	Disabled
forbidden_libfunc_call	Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).	None	False

Options

• This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity

• The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

blacklist

blacklist

Type: dict[bauhaus.analysis.config.FileGlobPattern, list[bauhaus.analysis.config.GlobPattern]]

Default:

{
   '*stdlib.h': ['rand']
}

Dictionary of header globbing to (list of) function name globbing(s) of forbidden functions.