This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Insufficient Entropy"

From OWASP
Jump to: navigation, search
(Description: added basic definition)
(Related Threats)
Line 8: Line 8:
  
 
==Related Threats==
 
==Related Threats==
 +
 +
In many cases a PRNG uses a combination of the system clock and entropy to create seed data. In the case where insufficient entropy is available, an attacker can reduce the size magnitude of the seed value considerably. Furthermore, by guessing values of the system clock, they can create a manageable set of possible PRNG outputs.
  
 
==Related Attacks==
 
==Related Attacks==

Revision as of 20:59, 12 February 2007

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Description

When an undesirably low amount of random data is available. Psuedo Random Number Generators are susceptible to suffering from insufficient entropy when they are initialized because random data may not be available to them yet.

Examples

Related Threats

In many cases a PRNG uses a combination of the system clock and entropy to create seed data. In the case where insufficient entropy is available, an attacker can reduce the size magnitude of the seed value considerably. Furthermore, by guessing values of the system clock, they can create a manageable set of possible PRNG outputs.

Related Attacks

Related Vulnerabilities

Related Countermeasures

Category:Cryptography

Categories

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.