This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Insufficient Entropy

From OWASP
Revision as of 01:18, 31 May 2009 by Deleted user (talk | contribs)

Jump to: navigation, search

[http://s1.shard.jp/bireba/nortonantivirus.html antivirus software sales ] [http://s1.shard.jp/galeach/new12.html southwest asia and north africa map ] [http://s1.shard.jp/losaul/little-tykes-toys.html australian batman robin ] [http://s1.shard.jp/losaul/australian-momentum.html gin gin western australia ] [http://s1.shard.jp/frhorton/mgsbz3g84.html african american first millionaire who ] [http://s1.shard.jp/frhorton/rykfyeh82.html africa waterfall ] [http://s1.shard.jp/bireba/symantec-antivirus.html ebay software computers networking and antivirus ] [http://s1.shard.jp/frhorton/6jht1xnfg.html human science research council south africa ] [http://s1.shard.jp/bireba/symantec-antivirus.html avg antivirus registration ] [http://s1.shard.jp/olharder/auto-remer.html automotive axles ] [http://s1.shard.jp/frhorton/17h5odjs2.html african society and culture ] [http://s1.shard.jp/olharder/best-way-auto-care.html barry stevens autos ] [http://s1.shard.jp/bireba/norotn-antivirus.html norton antivirus 2005 product keygen ] [http://s1.shard.jp/galeach/new150.html asian furniture company ] [http://s1.shard.jp/bireba/alertas-antivirus.html noton antivirus ] [http://s1.shard.jp/bireba/nortons-antivirus.html avg free antivirus review ] [http://s1.shard.jp/losaul/unley-council-south.html australian open tenis 2005 ] [http://s1.shard.jp/bireba/ravantivirus.html avg free antivirus download ] [http://s1.shard.jp/frhorton/ru5u87lsh.html african marriage ritual ] [http://s1.shard.jp/galeach/new79.html animals of the asian rainforest ] [http://s1.shard.jp/olharder/automotive-detailing.html auto consumer guide ] [http://s1.shard.jp/bireba/download-kaspersky.html antivirus software adaware ] [http://s1.shard.jp/frhorton/8qgvhwuw2.html panama south africa travel agent ] [http://s1.shard.jp/galeach/new22.html asian handicap calculator ] [http://s1.shard.jp/olharder/automatic-direction.html us suppliers automobile parts manufactures ] [http://s1.shard.jp/bireba/clam-win-antivirus.html norton antivirus updates 2005 ] [http://s1.shard.jp/frhorton/ds9o5dtz4.html muslim african american ] [http://s1.shard.jp/losaul/ozone-therapy-australia.html jeans west australia ] [http://s1.shard.jp/olharder/brandon-auto.html grand valley auto ] [http://s1.shard.jp/frhorton/dfj31yuuh.html africa club economic travel ] [http://s1.shard.jp/bireba/guard-antivirus.html trend housecall antivirus ] [http://s1.shard.jp/olharder/1-800-safe-auto.html auto detailing virginia ] [http://s1.shard.jp/frhorton/tiwomyd3z.html african american for girl hair style little ] [http://s1.shard.jp/frhorton/91rryr9x4.html west africa information ] [http://s1.shard.jp/frhorton/1aei449pv.html cold war in africa ] [http://s1.shard.jp/olharder/pyles-auto-sales.html texas auto swap meets ] [http://s1.shard.jp/bireba/cheap-norton-antivirus.html nortan antivirus 2005 download ] learners license south africa [http://s1.shard.jp/olharder/canadian-auto.html auto hose clamps ] [http://s1.shard.jp/frhorton/pr9rl67ra.html summer volunteer work in africa ] [http://s1.shard.jp/frhorton/dkumgq8of.html business community south africa ] sitemap [http://s1.shard.jp/bireba/sonicwall-gateway.html top antivirus for 2005 ] [http://s1.shard.jp/olharder/automotive-latch.html automotive dash kits ] [http://s1.shard.jp/frhorton/9rxlvcl6n.html time in johannesburg south africa ] [http://s1.shard.jp/olharder/long-term-auto.html automobile first queens suburb ] [http://s1.shard.jp/bireba/avg-antivirus.html uninstall norton antivirus corporate edition 9 ] [http://s1.shard.jp/frhorton/4jl7mv47m.html peninsula hotel cape town south africa ]

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Last revision (mm/dd/yy): 05/31/2009

Vulnerabilities Table of Contents

Description

When an undesirably low amount of entropy is available. Psuedo Random Number Generators are susceptible to suffering from insufficient entropy when they are initialized, because entropy data may not be available to them yet.

Risk Factors

TBD

Examples

TBD

Related Attacks

  • In many case,s a PRNG uses a combination of the system clock and entropy to create seed data. If insufficient entropy is available, an attacker can reduce the size magnitude of the seed value considerably. Furthermore, by guessing values of the system clock, they can create a manageable set of possible PRNG outputs.

Related Vulnerabilities


Related Controls

  • Many PRNG's (/dev/random and /dev/urandom for example) store their last value before shutdown. By using this value at intialization, they can sometimes avoid insufficient or predictable starting entropy.

Related Technical Impacts


References

TBD