
Weak Random Number Generator

What is a Weak Random Number Generator?

Weak random number generation occurs when an application does not properly seed its source of random data, which lets an attacker predict what comes next.

When can Weak Random Number Generation affect my application?

Weak randomness often occurs when an application developer doesn't seed cryptographic algorithms, seeds them with a constant, or just uses a standard "random" number generator.

How do I know if/where my application has a Weak Random Number Generator vulnerability?

Contrast Assess can detect weak random number generation.

How do I fix Weak Random Number Generators?

Developers should use strong sources, such as a secure random number generator or a hardware random number generator.
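
The constant-seed case described above, next to the fix, as an added Python example that is not part of the original page or of any Contrast product. The function names, the seed value and the token size are assumptions made for illustration; the check at the end is the kind of regression test a team could keep in its suite.

```python
import random
import secrets

def weak_token_source():
    """Models one application start with the flaw: a general-purpose PRNG
    (Mersenne Twister) seeded with a constant."""
    rng = random.Random(1234)  # constant seed, value constructed for this example
    return lambda: "%032x" % rng.getrandbits(128)

def strong_token_source():
    """Same interface, backed by the operating system's CSPRNG."""
    return lambda: secrets.token_hex(16)  # 16 bytes -> 32 hex characters

def replays_across_restarts(source_factory, restarts=3, tokens_per_run=5):
    """Start the source several times and report whether two starts emitted
    the same token sequence, i.e. whether its output can be known in advance."""
    runs = []
    for _ in range(restarts):
        next_token = source_factory()
        runs.append(tuple(next_token() for _ in range(tokens_per_run)))
    return len(set(runs)) < len(runs)

def pick_winner(entrants, rng=None):
    """Code that needs the random.Random API (choice, shuffle, randint) can
    switch to random.SystemRandom, which draws from os.urandom and ignores seeds."""
    rng = rng or random.SystemRandom()
    return rng.choice(entrants)

if __name__ == "__main__":
    print("constant-seeded source replays:", replays_across_restarts(weak_token_source))
    print("CSPRNG-backed source replays:  ", replays_across_restarts(strong_token_source))
    print("winner:", pick_winner(["alice", "bob", "carol"]))
```
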

How do people attack Weak Random Number Generator flaws?

Attackers do not attack weak random number generators directly; rather, they watch the distribution of random events to detect patterns. When those patterns become predictable at an acceptable level of confidence, attackers simply game the system to win often enough and large enough.