Improper Handling of Insufficient Entropy in TRNG |
Weakness ID: 333 (Weakness Variant) | Status: Draft |
Description Summary
Extended Description
The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.
Scope | Effect |
---|---|
Availability | A program may crash or block if it runs out of random numbers. |
Example 1
Phase: Implementation Rather than failing on a lack of random numbers, it is often preferable to wait for more numbers to be created. |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Base | 331 | Insufficient Entropy | Development Concepts (primary)699 Research Concepts (primary)1000 |
ChildOf | Weakness Class | 703 | Failure to Handle Exceptional Conditions | Research Concepts1000 |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
CLASP | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Common Consequences, Relationships, Other Notes, Taxonomy Mappings | ||||
2009-05-27 | CWE Content Team | MITRE | Internal | |
updated Description, Name | ||||
2009-10-29 | CWE Content Team | MITRE | Internal | |
updated Description, Other Notes | ||||
Previous Entry Names | ||||
Change Date | Previous Entry Name | |||
2008-04-11 | Failure of TRNG | |||
2009-05-27 | Failure to Handle Insufficient Entropy in TRNG | |||
Security-Database help your corporation foresee and avoid any security risks that may impact your IT infrastructure and business applications.
28 June 2016